spinjector Posted May 20, 2011 Share Posted May 20, 2011 Hi all,I'm about to embark on some upgrades of our servers & networks.We're a media company, and have huge numbers of huge files - 10MB, 100MB, 1000MB. Yes that big, many of them WAV files.I need to start deleting old files or transferring them to offline storage, but trying to figure out what gets used is impossible. And it's useless asking anyone because all I get is the deer-in-headlights look, or stark-raving-fear-terror-OMG-NO-I-NEED-THAT even though it hasn't been touched in months.So it seems NTFS File Auditing is the beast I need, but I've never used it before.This is what I need to do: as time goes on, I want to query the file system for files that have NOT been accessed in the past month, year, and so on.Can NTFS Audit do this?Can someone point me toward a good website for NTFS Audit..?Thanks. Link to comment Share on other sites More sharing options...
allen2 Posted May 20, 2011 Share Posted May 20, 2011 You should try the command find.exe from the unix tool.find.exe c:\windows -atime +365 -mtime +365 for example will list all files in c:\windows with access date and modified date older than 365 days. Link to comment Share on other sites More sharing options...
spinjector Posted May 21, 2011 Author Share Posted May 21, 2011 Oh wow. I'll try that on Monday. That may be exactly what I need.Are the default settings of the NTFS file system sufficient for this to work?Does anything need to be set to activate the last-accessed metadata, or is that turned on by default..?Do any "simple" actions like directory listings or the activity of shmedia.dll trigger an update of the last-accessed data? Link to comment Share on other sites More sharing options...
allen2 Posted May 21, 2011 Share Posted May 21, 2011 Are the default settings of the NTFS file system sufficient for this to work? Yes of course unless you disabled it.Does anything need to be set to activate the last-accessed metadata, or is that turned on by default..? Nothing need to be activated. The last access setting might not be accurate on some system and environment.Do any "simple" actions like directory listings or the activity of shmedia.dll trigger an update of the last-accessed data? Directory listing shouldn't and i don't know for shmedia.dll. Link to comment Share on other sites More sharing options...
jaclaz Posted May 21, 2011 Share Posted May 21, 2011 .... because all I get is the deer-in-headlights look, ...Very nice and descriptive! I often happen to provoke that, and didn't know how to call it! jaclaz Link to comment Share on other sites More sharing options...
spinjector Posted May 23, 2011 Author Share Posted May 23, 2011 HA!!!!Jaclaz, That's exactly the look I get..!!! Allen, thank you! That Unix find.exe is working perfectly. I've just been playing with the -atime, -mtime, and -ctime and getting various results which i should be able to modify to my needs Thanks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now