Hi all,
I have SLM to collect Windows events, including file auditing logs.
We want to differentiate between "read" and "write" file action logs, but
opening an Office file generates a temp file, which also creates a write
file action.
This issue will make admins confused about user actions, so we want to
filter Office temp files (~xxx.doc / ~bbb.xls / ~ccc.ppt) in the report. Which
command or rule could help me filter these logs?



