Exclude and Include Patterns
A wild card is normally represented by a asterisk character (*). This denotes that any characters can replace it in that position. Each line represents an inclusion/exclusion and you can use as many patterns as you need on either side. You can also use as many wildcard characters (*) as you want per pattern to allow flexible matching against the changes being detected.
From version 2.9.9.10, user names and process names are also included in the filters if they are prefixed with a question mark (?). The same filtering rules apply with wild cards, the question mark (?) prefix indicates that the filter needs to be applied to user names and process names that are detected and not file names.
Renames
From version 2.10.5.0, only excludes will apply to the old file name. Previous versions would apply filters on both the old and new file name making it difficult to exclude predictably when you need to see events for excluded old file names with included new file names.Be aware of this when using filters with renames. Excluding is strict and will apply to both the old and new file name.
Screenshot
You can edit the include and exclude filters on the directory options screen:
http://www.deventerprise.net/Images/directorymonitor/support_include_exclude.pngExamples
Here are some examples:
Example 1: Extensions
*.txt - Will exclude/include all files with the TXT extension. This will only match files that ends with TXT which is a common mistake, the match end at TXT and will not extend past the extension.
C:\temp\newfile.txt = match
C:\Backup\anotherfile.txt = match
C:\temp\script.bat = no match
C:\temp\doubleextension.txt.tmp = no match (to match this as well use *.txt*)
Example 2: Directories and subdirectories
C:\MonitoredDirectory\Testing\* - Will exclude/include all file and directories under the 'Testing' folder.
C:\MonitoredDirectory\doc123.txt = no match
C:\MonitoredDirectory\Testing\anything.fle = match
C:\MonitoredDirectory\Testing\SubDir\deleteme.tmp = match
Example 3: File in directories
C:\Folder\Sub\*.* - Will exclude/include all files with any extension in the directory 'Sub' which is a subdirectory of 'Folder'.
C:\Folder\new image file.bmp = no match
C:\Folder\Sub\my image.jpg = match
C:\temp\newfile.txt = match
C:\Backup\anotherfile.txt = match
C:\temp\script.bat = no match
C:\temp\doubleextension.txt.tmp = no match (to match this as well use *.txt*)
Example 2: Directories and subdirectories
C:\MonitoredDirectory\Testing\* - Will exclude/include all file and directories under the 'Testing' folder.
C:\MonitoredDirectory\doc123.txt = no match
C:\MonitoredDirectory\Testing\anything.fle = match
C:\MonitoredDirectory\Testing\SubDir\deleteme.tmp = match
Example 3: File in directories
C:\Folder\Sub\*.* - Will exclude/include all files with any extension in the directory 'Sub' which is a subdirectory of 'Folder'.
C:\Folder\new image file.bmp = no match
C:\Folder\Sub\my image.jpg = match
C:\Folder\Sub\New Folder\document.doc = no match (only files in Sub, not subdirectories of it, see example 2)
Example 4: Multiple wildcards
*\IgnoreDir\*.* - Will exclude/include all files inside any directory called 'IgnoreDir'.
C:\Temp\ = no match
C:\Temp\IgnoreDir\New Folder\ = no match (only file are matched when using *.*, to match everything just use *)
C:\Temp\IgnoreDir\New Folder\somefile.tmp = match
C:\*\garbage.* - Will exclude/include any files on the C: called 'garbage' with any number of extensions.
Example 5: User names and process names
?*Jimmy* - Will exclude/include all changes made by a user called 'Jimmy'.
Machine-Name\James = no match
Jimmy@mynetwork.com = match
?*Jimmy* - Will exclude/include all changes made by a user called 'Jimmy'.
Machine-Name\James = no match
Jimmy@mynetwork.com = match
Domain-Name\Jimmy = match
The same rules apply to process names.
?*scanner*.exe - Will exclude/include all changes made by process names starting with 'scanner'.
C:\Program Files\Anti-Virus\antiv.exe = no match
C:\Program Files\Anti-Virus\scanner.exe = match
C:\Program Files\Anti-Virus\scanner.exe = match
C:\Program Files\Anti-Virus\scannerV5.exe = match
NB: Always test your exclusions and inclusions to ensure that you are not inadvertently filtering in (or out) files that you expect to want see in the monitoring logs. Excluded files are also excluded from any further plugin processing such as emails and application execution.