Is there a way to get an alert when a file named SQL.log is created in Windows/temp in Windows Server 2012r2?
File SQL.log is randomly created in Windows/temp folder, which start growing and growing. I deleted, but I would like to be alerted as soon it is created to be able to "read" it and prevent the issue in other servers.
This one might help.
You can achieve that with Windows Auditing natively too.
Type gpmc.msc, or gpedit.msc.
Navigate to “Computer Configuration” ➔ “Windows Settings” ➔ “Security Settings” ➔ “Local Policies” ➔ “Audit Policy”.
Double-click “Audit Object Access”
Click “Define these policy settings” checkbox. Click “Success” and “Failure”.
Now, you need to select that auditing to the folder;
Open “Windows Explorer”, and navigate to the folder that you want to track.
Right-click the folder and select “Properties”, and go to the Security tab
Click “Advanced” to access “Advanced Security Settings”. In “Advanced Security Settings” window, navigate to “Auditing” tab.
To create a new auditing entry, click “Add”. “Auditing Entry” window will appears
Click “Select a Principal” to choose users whose activities you want to track, for your case select Everyone, or if your SQL instance run under a username, please add it there, it will limit the scoop of the auditing.
Click Ok, Select “All” in “Type” drop-down menu.
Select the permission you want, and click ok 3 time to get out of that windows.
Now to monitor it, we will check the event viewer.
Filter on the event id 4616, to see file creation.
5 people are following this question.