GFI Event is not Providing the Details of the Deleted Object (Full Version)



mobi_khan -> GFI Event is not Providing the Details of the Deleted Object (4.Jul.2008 9:51:47 AM)

Hi Guys,

I have deployed the GFI Event Manager on our server, and I have enabled auditing of users' actions on the folders. I am getting alerts about the events performed by the users on those files and folders, but I am facing a problem with the event information related to "Object Deleted".

For this event I am not getting the whole information about the file that has been deleted. That is, I am only getting the information that an object was deleted and the name of the user who performed this action, but I am not getting information about the file name and the exact location from which it was deleted. Please help me in this regard: how can I get the complete information about the object, i.e. the name of the file and the path, that has been deleted by the user?

Please see the alert below which I am getting:


Object Deleted:
Object Server: Security
Handle ID: 11120
Process ID: 4
Image File Name:
SERVER-PK03 7:21:51 PM 7/4/2008 SERVER\Shahzad.Siddique Security SENRVER-PK03


Please help me guys.




DrewE -> RE: GFI Event is not Providing the Details of the Deleted Object (7.Jul.2008 10:50:32 AM)

For clarification, do you see these details in the Windows Event Log (outside of GFI)?




mobi_khan -> RE: GFI Event is not Providing the Details of the Deleted Object (8.Jul.2008 9:34:58 AM)

No, I do not see details about the deleted objects in the Windows event log, but I remember that a long time ago, while I was running tests for the GFI Event Manager deployment, I was able to get complete information about the deleted file.

Please help me in resolving the issue.




mobi_khan -> RE: GFI Event is not Providing the Details of the Deleted Object (15.Jul.2008 9:54:22 AM)



Guys,

Any update/help from your side about the issue? I am unable to see the information about the file that is deleted and its path.

I am putting again what I am getting in the alerts.

Please help me.



Object Deleted:
Object Server: Security
Handle ID: 23124
Process ID: 4
Image File Name:




DrewE -> RE: GFI Event is not Providing the Details of the Deleted Object (15.Jul.2008 1:54:10 PM)

In regards to our product, we can only see what the Windows event log detects. Typically, if there are any changes that can be made, they would be to the auditing settings to detect this information. You would need to consult with Microsoft in order to get the necessary information into the Windows event log first.



