I need to monitor file operations on a server. Is this possible with CBFS Filter?



In certain cases, it may be desirable for a CBFilter/CBMonitor-based application to be able to track filesystem operations performed on a remote system, such as a file server. It is important to understand the limitations of Windows' filesystem filtering mechanisms in order to maintain reasonable expectations when developing for such use-cases.

The CBFS Filter system drivers must be installed on a machine in order for an application built with CBFilter or CBMonitor to be able to track filesystem requests on it; and similarly, the CBFilter and CBMonitor components can only track filesystem requests that are made against a local filesystem.

For example, imagine an environment with a file server S, and two client machines C1 and C2. If C1 and C2 have both mounted the filesystem shared by S as a network drive, then there are two options for tracking all requests directed at that filesystem:

  1. Install the application on S and track filesystem operations on the shared drive.
  2. Install the application on both C1 and C2 and track filesystem operations on the mounted network drive.
In the latter case, it is necessary to install the application on both client machines because the requests that originate on C1 cannot be seen on C2, and vice versa.

Request Modification

Modification of file read/write requests will only work correctly for local filesystems due to how Windows actually transfers the data internally. Attempting to modify the file data carried by a read/write request made against a locally-mounted network drive will always fail.

We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at support@callbacktechnologies.com.