File Integrity Monitoring Using the Perch Log Shipper

Getting started

Utilizing the Log Shipper, Perch provides comprehensive file integrity monitoring for Windows-based systems.

Implementing file integrity monitoring on a specific system begins with downloading and installing the Perch Log Shipper.

  1. Go to Settings > Sensors.
  2. Click the Download the Installer hyperlink.
  3. From there, follow the deployment instructions provided in the Perch Log Shipper documentation.


Once the Log Shipper is installed, the Auditbeat configuration file (auditbeat.yml) will need to be modified to include the file/directory paths to be monitored.

  1. Before editing the auditbeat.yml file, we recommend that you stop the “perch-auditbeatservice.
  2. Once the service is stopped, navigate to C:\Program Files\Perch\configs. From there, right-click on the auditbeat.yml file and click Edit.
  3. Within the Auditbeat config file, go to the Modules configuration section. You’ll see a list of default file paths.
  4. Using the same syntax, add the additional file paths to be monitored (see sample audtibeat.yml below).

  1. To have the Auditbeat agent automatically scan subdirectories, add the following line below the last file path listed:

    recursive: true
  2. Once the additional file paths have been added to the Auditbeat configuration, save the file and restart the “perch-auditbeatservice.

Auditbeat will proceed to perform an initial scan of the directories and should begin reporting on changes to the files contained shortly after, depending on the size of the directories included.


To get started with file integrity monitoring, there is a “File Integrity Monitoring” dashboard which can be installed from the Perch Marketplace.