namerg

asked on

How to read "Message" objects from Server 2016 Security event viewer log?

Hello, I have been tasked to enable file auditing in a Windows Server 2016. I did enable it and it is populating the Windows Event Viewer Security log.
I have the following code, but I would like to read or parse the contents of the "Message". I do not need all the Message values.
Get-WinEvent -LogName Security | Where {$_.Id -eq "4663"} | Format-List -Property Id, MachineName, UserId, TimeCreated, Message

Id          : 4663
MachineName : computername.domain.lcl
UserId      : 
TimeCreated : 1/19/2018 8:00:02 AM
Message     : An attempt was made to access an object.
              
              Subject:
              	Security ID:		S-1-5-21-4088890742-1793510203-2559070022-10247
              	Account Name:		domainaccount
              	Account Domain:		DOMAIN
              	Logon ID:		0x87273C8
              
              Object:
              	Object Server:		Security
              	Object Type:		File
              	Object Name:		D:\FilePath\FileName.xls
              	Handle ID:		0xedc
              	Resource Attributes:	S:AI
              
              Process Information:
              	Process ID:		0x4
              	Process Name:		
              
              Access Request Information:
              	Accesses:		WriteData (or AddFile)
              				
              	Access Mask:		0x2

I would like to have the Account Name, Account Domain, Object Type, Object Name and the Access Request Information: Accesses.
Thanks for your help
ASKER CERTIFIED SOLUTION
footech

This solution is only available to members.

namerg (ASKER)

Excellent. You are a genius as usual.