we are using the dirscan probe (3.05) to monitor a folder (windows platform) for zero byte files being created. However, because windows seems to create a zero byte file and then fill it as new files come in to the folder, I get false alarms occasionally.
Is it possible to combine two parts of dirscan into one alarm - ie file is less than 5 bytes and more than 3 minutes old ?
And if it is, can any variables be passed to a command from the dirscan alarm/automatic action tab ?
To hide the alarm untill 3 minutes has passed you could:
Set the interval to 3 minutes.
Make the incoming alarms invisible with a nas pre-processing rule.
Make it visible in a nas AO profile if the count > 2
You could get more acurate by generating two alarms from the dirscan. One on age>3mins and one on size<5 bytes. Make them both invisible then correlate these using triggers, or lua and create a new alarm.
To fire an action you can use the nexec probe and control it from a nas lua script.
A little convoluted I'm afraid
If I understand it right, no chance to do that by a native probe way, a shame indeed, because a relative simple question.
To be a bit sarcastic and put my experience into it, open a feature request and if you are lucky and some customer who is going to buy NMS and wants that feature and put it in its contract will get it ;-), so will you, if you do not have that luck, well sit and wait, can be a long time, and sometimes it never made it.
Otherwise, yes there is a way, to build a little wooden bridge for NMS, but just with scripting.
I'd go for logmon + powershell