如何使用 C# 检测本地网络上的文件复制?
How to detect file copy over local network with C#?
我必须使用 .NET Framework 创建一个简单的应用程序,该应用程序检测远程用户何时从应用程序将 运行 打开的机器上复制某些文件。
例如。
- Machine1(应用程序会运行这里)
- 机器2
Machine2 上的用户访问 Machine1 上的共享目录并将一些文件复制到某些 Machine2 目录.
我需要记录复制的文件名和请求复制的 IP/DNS。
有Windows消息吗?
甚至任何 IO class?
A requirement is that I have to do this through a custom application.
您无法从 C# 程序中检测到文件是否已被访问,没有任何消息或公开的 API 会在访问发生时告诉您。您需要在 OS 中更进一步。这样做的正常方法是设置 windows 本身通过 Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\ 下的组策略进行监控,然后启用 Object Access: File Share.
这将创建如下所示的审核日志条目
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 8/14/2013 2:08:25 AM
Event ID: 5145
Task Category: Detailed File Share
Level: Information
Keywords: Audit Success
User: N/A
Computer: RootMS01.Reskit.com
Description:
A network share object was checked to see whether client can be granted desired access.
Subject:
Security ID: RESKIT\Administrator
Account Name: Administrator
Account Domain: RESKIT
Logon ID: 0x49199
Network Information:
Object Type: File
Source Address: 10.10.10.11
Source Port: 61361
Share Information:
Share Name: \*\Shares
Share Path: \??\C:\Shares
Relative Target Name: UserHomeFolder\LSkywalker\Projects.txt
Access Request Information:
Access Mask: 0x120089
Accesses: READ_CONTROL
SYNCHRONIZE
ReadData (or ListDirectory)
ReadEA
ReadAttributes
Access Check Results:
READ_CONTROL: Granted by Ownership
SYNCHRONIZE: Granted by D:(A;;FA;;;WD)
ReadData (or ListDirectory): Granted by D:(A;;FA;;;WD)
ReadEA: Granted by D:(A;;FA;;;WD)
你可以在日志中看到被访问的文件和访问它的机器的IP,你需要做的就是编写一个C#程序reads the log并提取你需要的信息。
我必须使用 .NET Framework 创建一个简单的应用程序,该应用程序检测远程用户何时从应用程序将 运行 打开的机器上复制某些文件。
例如。
- Machine1(应用程序会运行这里)
- 机器2
Machine2 上的用户访问 Machine1 上的共享目录并将一些文件复制到某些 Machine2 目录.
我需要记录复制的文件名和请求复制的 IP/DNS。
有Windows消息吗?
甚至任何 IO class?
A requirement is that I have to do this through a custom application.
您无法从 C# 程序中检测到文件是否已被访问,没有任何消息或公开的 API 会在访问发生时告诉您。您需要在 OS 中更进一步。这样做的正常方法是设置 windows 本身通过 Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\ 下的组策略进行监控,然后启用 Object Access: File Share.
这将创建如下所示的审核日志条目
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 8/14/2013 2:08:25 AM
Event ID: 5145
Task Category: Detailed File Share
Level: Information
Keywords: Audit Success
User: N/A
Computer: RootMS01.Reskit.com
Description:
A network share object was checked to see whether client can be granted desired access.
Subject:
Security ID: RESKIT\Administrator
Account Name: Administrator
Account Domain: RESKIT
Logon ID: 0x49199
Network Information:
Object Type: File
Source Address: 10.10.10.11
Source Port: 61361
Share Information:
Share Name: \*\Shares
Share Path: \??\C:\Shares
Relative Target Name: UserHomeFolder\LSkywalker\Projects.txt
Access Request Information:
Access Mask: 0x120089
Accesses: READ_CONTROL
SYNCHRONIZE
ReadData (or ListDirectory)
ReadEA
ReadAttributes
Access Check Results:
READ_CONTROL: Granted by Ownership
SYNCHRONIZE: Granted by D:(A;;FA;;;WD)
ReadData (or ListDirectory): Granted by D:(A;;FA;;;WD)
ReadEA: Granted by D:(A;;FA;;;WD)
你可以在日志中看到被访问的文件和访问它的机器的IP,你需要做的就是编写一个C#程序reads the log并提取你需要的信息。