Click an Ad

If you find this blog helpful, please support me by clicking an ad!

Tuesday, December 11, 2012

You put 15GB of files on my Fileserver yesterday. Really?

So one of the first things I implemented in this job was system monitoring. I absolutely love Paessler PRTG. Not only does it alert me when my stuff is down, but it tracks historical things, like disk use, for instance (I should also give props to Paessler for giving me an Android and IPhone app!).

Well, last week the free space threshold was broken on one of my servers. I loaded up the historical data and saw that 15GB worth of space disappeared in a very short amount of time. In my experience, when that much space goes away all of a sudden, it's always been something silly, like a DBA backing up an entire SQL database to their home drive, or someone downloading seasons of TV shows. I needed to identify what files were created so I could see whether the files were legit and who uploaded them so that I could read them the riot act. Powershell to the rescue!

get-childitem -recurse | where {$_.CreationTime -like "*11/20/2012*"} | select name, length, fullname | out-file c:\temp\15GBReally.txt

So here, I'm getting all files that were created on 11/20/2012, and I'm returning their names and their paths, which I'm then outputting to a text file.

I'm sad to report that the files were indeed legit, and I had to bottle my deep, deep sysadmin rage.

1 comment:

  1. You can also try this:

    $CreationTime = Get-Date | % {$_.AddDays(5)}
    ls -recurse | where {$_.CreationTime -le $CreationTime} | where {$_.Length -ge 200000000}

    To get a list of files created in the last 5 days which are over 200 MB.