rookie_b
asked on
Check Multiple EVTX archived logs events for a particular user
I need to check multiple archived evtx logs to check what files a particular user has accessed or changed. Object access auditing is enabled and logs are set to archive at a certain size, so I need a way to go through those and export all File System audit events for that user. I was wondering if there is a way to run this against multiple logs at the same time and there probably is a better way of doing that than running multiple ISE instances.
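Added example, not part of the original thread and not the accepted solution: one PowerShell session can walk every archived .evtx file in a folder and export the File System audit events for a single account. The folder, account name and output path below are assumed placeholders.

```powershell
# Added example: folder, account name and output path are assumptions, not from the thread.
$ArchiveDir = 'D:\ArchivedLogs'                    # assumed location of the archived Security logs
$TargetUser = 'jdoe'                               # assumed sAMAccountName of the user of interest
$OutCsv     = 'D:\Reports\jdoe-file-access.csv'    # assumed output file

# 4656 = a handle to an object was requested
# 4660 = an object was deleted
# 4663 = an attempt was made to access an object
$EventIds = 4656, 4660, 4663

$results = foreach ($log in Get-ChildItem -Path $ArchiveDir -Filter '*.evtx' -File) {
    try {
        # Filtering by Id inside the hashtable avoids loading every record of a large archive.
        $events = Get-WinEvent -FilterHashtable @{ Path = $log.FullName; Id = $EventIds } -ErrorAction Stop
    }
    catch {
        # Raised when a file holds no matching events, and also for unreadable archives.
        Write-Warning "$($log.Name): $($_.Exception.Message)"
        continue
    }
    foreach ($evt in $events) {
        # Turn the EventData name/value pairs into a lookup table.
        $data = @{}
        foreach ($node in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$node.Name] = $node.'#text' }

        if ($data['SubjectUserName'] -ne $TargetUser) { continue }
        # 4660 has no ObjectType/ObjectName; match it to a 4663 through HandleId.
        if ($evt.Id -ne 4660 -and $data['ObjectType'] -ne 'File') { continue }

        [pscustomobject]@{
            TimeCreated = $evt.TimeCreated
            EventId     = $evt.Id
            User        = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            ObjectName  = $data['ObjectName']
            AccessMask  = $data['AccessMask']
            HandleId    = $data['HandleId']
            ProcessName = $data['ProcessName']
            SourceLog   = $log.Name
        }
    }
}

$results | Sort-Object TimeCreated | Export-Csv -Path $OutCsv -NoTypeInformation
```

Processing one file per iteration keeps a single damaged archive from aborting the whole run, and the SourceLog column records which archive each event came from.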
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Accept: 'David Johnson, CD' (https:#a43347553)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer