Description
The PowerShell script below is intended to count files with SCOM. Of course, it can be used as a standalone script too.
To use this script with SCOM, three rules are required:
1. A Timed Command Rule to execute the PowerShell script.
2. A second Event Collection Rule to collect the Event Logs created by the Script.
3. A third Alert Generating Rule to generate an Alert once the threshold has been exceeded.
PowerShell Script
# CountFilesWithSCOM.ps1
# Version 1.0
# Date: 14/02/2020
# Author: Cengiz KUSKAYA
# Description: A PowerShell Script to Count Files with SCOM
Requirements
# The following commands need to be executed on the servers where you want to count the
# files. You have to execute the commands below once in an elevated PowerShell window
# to create the "CountFileMonitor" event source.
# - Set-ExecutionPolicy Unrestricted
# - New-EventLog -LogName Application -Source CountFileMonitor
Set-ExecutionPolicy Unrestricted

# Here, we are defining the variables for the folders and the thresholds for the folders.
$Folder1 = "C:\AA\BB\CC"
$Folder2 = "E:\WW\QQ"
$Folder1Threshold = 5
$Folder2Threshold = 3

# Here, we are counting the files and saving the result into a variable.
# @() forces an array, so .Count is also correct when a folder holds zero or one file.
$Pass1Count = @(Get-ChildItem $Folder1 -Recurse -EA SilentlyContinue | Where-Object { -not $_.PSIsContainer }).Count
$Pass2Count = @(Get-ChildItem $Folder2 -Recurse -EA SilentlyContinue | Where-Object { -not $_.PSIsContainer }).Count

# Now we are checking which predefined folder exists on the server and looking if the count
# is greater than the defined threshold. If yes, we are logging an event to the Application Event log.
if ((Test-Path -Path $Folder1 -PathType Container) -and ($Pass1Count -gt $Folder1Threshold)) {
    Write-EventLog -LogName Application -Source CountFileMonitor -EventId 9999 -EntryType Error -Message "File count in the folder $Folder1 exceeded the defined threshold of $Folder1Threshold files." -EA SilentlyContinue
}
if ((Test-Path -Path $Folder1 -PathType Container) -and ($Pass1Count -lt $Folder1Threshold)) {
    Write-EventLog -LogName Application -Source CountFileMonitor -EventId 9990 -EntryType Information -Message "File count in the folder $Folder1 is below the defined threshold of $Folder1Threshold files." -EA SilentlyContinue
}
if ((Test-Path -Path $Folder2 -PathType Container) -and ($Pass2Count -gt $Folder2Threshold)) {
    Write-EventLog -LogName Application -Source CountFileMonitor -EventId 9999 -EntryType Error -Message "File count in the folder $Folder2 exceeded the defined threshold of $Folder2Threshold files." -EA SilentlyContinue
}
if ((Test-Path -Path $Folder2 -PathType Container) -and ($Pass2Count -lt $Folder2Threshold)) {
    Write-EventLog -LogName Application -Source CountFileMonitor -EventId 9990 -EntryType Information -Message "File count in the folder $Folder2 is below the defined threshold of $Folder2Threshold files." -EA SilentlyContinue
}
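The script hides Write-EventLog failures with -EA SilentlyContinue, so an unregistered "CountFileMonitor" source produces neither an event nor an error, and the collection and alert rules never see anything. The check below is an added example, not part of the original script; the function name Get-CountFileMonitorStatus and the 15-minute look-back window are assumptions.

```powershell
# Added example: confirm that CountFileMonitor events actually reach the Application log.
# Function name and default look-back window are assumptions, not part of the original script.
function Get-CountFileMonitorStatus {
    param(
        [string]$Source = 'CountFileMonitor',
        [int]$LookBackMinutes = 15
    )

    # Write-EventLog fails when the source is not registered, and the script
    # suppresses that failure, so check the registration explicitly.
    try {
        $registered = [System.Diagnostics.EventLog]::SourceExists($Source)
    }
    catch {
        # Typically a SecurityException: a non-elevated session cannot search every log.
        Write-Warning "Cannot verify event source '$Source' from this session: $($_.Exception.Message)"
        $registered = $null
    }
    if ($registered -eq $false) {
        Write-Warning "Event source '$Source' is not registered; the script logs nothing."
        return
    }

    # Event IDs written by the script: 9999 = threshold exceeded, 9990 = below threshold.
    $filter = @{
        LogName      = 'Application'
        ProviderName = $Source
        Id           = 9990, 9999
        StartTime    = (Get-Date).AddMinutes(-$LookBackMinutes)
    }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    if ($events.Count -eq 0) {
        Write-Warning "No '$Source' events in the last $LookBackMinutes minutes."
        return
    }

    # Newest first, one row per event.
    $events | Sort-Object TimeCreated -Descending | ForEach-Object {
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            EventId     = $_.Id
            State       = if ($_.Id -eq 9999) { 'Exceeded' } else { 'BelowThreshold' }
            Message     = $_.Message
        }
    }
}

Get-CountFileMonitorStatus | Format-Table -AutoSize
```

Run it on the monitored server after the Timed Command Rule has fired at least once. A file count exactly equal to the threshold matches neither the -gt nor the -lt comparison, so no event is expected in that case.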
Good luck!