We occasionally have configurations in web.config(s) being changed by the IT team on live production servers. I would like to create an audit trail, e.g., "On October 11 the property 'foo' in file 'bar' was changed to 'banana'."
My first thought was to create a PowerShell script that would run every hour, and if one of the .config files changed, save it off in a timestamped folder. My second thought was that this must be a problem that has already been solved.
Ideally, config file changes would not be allowed and any change would require a new deployment, but it's unlikely I could push that through.
I say "web.config" but I have a few different XML config files: web.config, app.config, nant.configs.
I need to know exactly what in these config files changed (approximately) when and (ideally) by whom.
Is there some kind of standard way or open source tool to do file change logging?
As mentioned in the comments, there are most likely third-party tools that could help here. There is nothing built into Windows which allows you to do this out of the box.
If I had to do this myself I would do something like this:
Write a small tool to monitor the files to watch. This would use a FileSystemWatcher object. On NTFS drives a change to a watched file would trigger an event automatically.
The code for the event would just copy the file over to a different location which is under source control (say Git) and trigger a commit and possibly a push to a remote server.
Using this you can see what exactly changed in the file.
In addition you can enable Windows auditing on the files to see who made the changes.
I wouldn't write the tool in PowerShell, but as a Windows service that runs in the background and monitors changes in real time.
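A sketch of the watcher-plus-Git approach described in the answer above, as an added example that is not the answerer's code. It assumes `git` is on the PATH, that `RepoDir` is an already initialised repository with a commit identity configured for the account running the tool, and that both paths (hypothetical here) are adjusted to the server.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Threading;

static class ConfigAuditWatcher
{
    const string WatchDir = @"C:\inetpub\wwwroot\ExampleApp"; // assumed location of the live configs
    const string RepoDir = @"D:\ConfigAudit";                 // assumed: existing Git working tree
    static readonly Timer Debounce = new Timer(_ => Snapshot());
    static void Main()
    {
        using (var watcher = new FileSystemWatcher(WatchDir, "*.config"))
        {
            watcher.IncludeSubdirectories = true;
            watcher.NotifyFilter = NotifyFilters.LastWrite | NotifyFilters.FileName;
            // One save often raises several events: restart a 2 s timer and snapshot once it is quiet.
            watcher.Changed += (s, e) => Debounce.Change(2000, Timeout.Infinite);
            watcher.Created += (s, e) => Debounce.Change(2000, Timeout.Infinite);
            watcher.Renamed += (s, e) => Debounce.Change(2000, Timeout.Infinite);
            // An Error event (e.g. buffer overflow) means events were lost: snapshot anyway.
            watcher.Error += (s, e) => Debounce.Change(2000, Timeout.Infinite);
            Snapshot();                         // baseline commit at start-up
            watcher.EnableRaisingEvents = true;
            Console.ReadLine();                 // a Windows service would wait for OnStop instead
        }
    }
    static void Snapshot()
    {
        try
        {
            foreach (var src in Directory.GetFiles(WatchDir, "*.config", SearchOption.AllDirectories))
            {
                // Mirror the file into the repo under the same relative path.
                var dest = Path.Combine(RepoDir, src.Substring(WatchDir.Length).TrimStart('\\'));
                Directory.CreateDirectory(Path.GetDirectoryName(dest));
                File.Copy(src, dest, true);
            }
            Git("add -A");
            Git("commit -q -m \"Config change detected " + DateTime.UtcNow.ToString("u") + "\""); // no-op if unchanged
        }
        catch (IOException) { Debounce.Change(2000, Timeout.Infinite); } // file still locked by the writer: retry
    }
    static void Git(string args)
    {
        var psi = new ProcessStartInfo("git", args) { WorkingDirectory = RepoDir, UseShellExecute = false };
        using (var p = Process.Start(psi)) p.WaitForExit();
    }
}
```

`git log -p` in the audit repository then shows what changed and when. For the trail to be trustworthy, keep the repository writable only by the account running the tool and push to a remote that the people editing the configs cannot rewrite.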