namerg
asked on
How to read "Message" objects from Server 2016 Security event viewer log?
Hello, I have been tasked to enable file auditing on a Windows Server 2016. I did enable it and it is populating the Windows Event Viewer Security log.
I have the following code, but I would like to read or parse the contents of the "Message". I do not need all the Message values.
Get-WinEvent -LogName Security | Where {$_.Id -eq "4663"} | Format-List -Property Id, MachineName, UserId, TimeCreated, Message
Id          : 4663
MachineName : computername.domain.lcl
UserId      :
TimeCreated : 1/19/2018 8:00:02 AM
Message     : An attempt was made to access an object.
              Subject:
                  Security ID: S-1-5-21-4088890742-1793510203-2559070022-10247
                  Account Name: domainaccount
                  Account Domain: DOMAIN
                  Logon ID: 0x87273C8
              Object:
                  Object Server: Security
                  Object Type: File
                  Object Name: D:\FilePath\FileName.xls
                  Handle ID: 0xedc
                  Resource Attributes: S:AI
              Process Information:
                  Process ID: 0x4
                  Process Name:
              Access Request Information:
                  Accesses: WriteData (or AddFile)
                  Access Mask: 0x2
I would like to have the Account Name, Account Domain, Object Type, Object Name and the Access Request Information: Accesses. Thanks for your help
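One way to pull just those fields, as an added example that is not part of the original post or of the members-only answer: read each 4663 record's EventData XML instead of parsing the rendered Message text, and decode AccessMask into names, since the raw AccessList field holds message-table tokens rather than text. The helper name `ConvertFrom-Event4663Xml` is hypothetical and the sample record is constructed from the values shown in the question.

```powershell
# Added example, not from the original thread. Run elevated to read the Security log.
# File access-right bits, used to decode AccessMask (0x2 -> WriteData, as in the post).
$FileAccessBits = @{
    0x1     = 'ReadData (or ListDirectory)';     0x2      = 'WriteData (or AddFile)'
    0x4     = 'AppendData (or AddSubdirectory)'; 0x8      = 'ReadEA'
    0x10    = 'WriteEA';                         0x20     = 'Execute/Traverse'
    0x40    = 'DeleteChild';                     0x80     = 'ReadAttributes'
    0x100   = 'WriteAttributes';                 0x10000  = 'DELETE'
    0x20000 = 'READ_CONTROL';                    0x40000  = 'WRITE_DAC'
    0x80000 = 'WRITE_OWNER';                     0x100000 = 'SYNCHRONIZE'
}

function ConvertFrom-Event4663Xml {          # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        # Index the <EventData><Data Name="..."> elements by their Name attribute.
        $data = @{}
        foreach ($d in ([xml]$EventXml).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $mask  = [Convert]::ToInt32($data['AccessMask'], 16)   # accepts the "0x" prefix
        $names = foreach ($bit in ($FileAccessBits.Keys | Sort-Object)) {
            if ($mask -band $bit) { $FileAccessBits[$bit] }
        }
        [pscustomobject]@{
            AccountName   = $data['SubjectUserName']
            AccountDomain = $data['SubjectDomainName']
            ObjectType    = $data['ObjectType']
            ObjectName    = $data['ObjectName']
            Accesses      = $names -join ', '
        }
    }
}

# Constructed sample record (values taken from the output in the post) for an offline check.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><EventData>
<Data Name="SubjectUserName">domainaccount</Data>
<Data Name="SubjectDomainName">DOMAIN</Data>
<Data Name="ObjectType">File</Data>
<Data Name="ObjectName">D:\FilePath\FileName.xls</Data>
<Data Name="AccessMask">0x2</Data>
</EventData></Event>
'@
$sample | ConvertFrom-Event4663Xml

# Live log: filter by Id at the source, then convert each record's XML.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 100 |
    ForEach-Object { $_.ToXml() | ConvertFrom-Event4663Xml } |
    Where-Object ObjectType -eq 'File'
```

Filtering with `-FilterHashtable` selects the event ID inside the event log service, which is much faster on a busy Security log than piping every record through `Where`.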