Hi Guys,
I am trying to set up a trigger that would fire whenever a file (any file) is deleted from a server.
I currently have this:
({File deletion monitoring:eventlog[Security,,,,,,skip].logeventid(560|564)}=1)&({File deletion monitoring:eventlog[Security,,,,,,skip].str(Object Deleted)}=1)
This works fine when it comes to firing a trigger whenever a file is deleted but {ITEM.LASTVALUE} or any other values contain only the value of Event ID 564 which does not contain any information about the deleted file (filename, who deleted etc.) As you may know this information is in a seperate Event ID 560. The only way to identify which Event ID 560 corresponds to which Event 564 is to check Handle IDs. They will be the same in both.
How do I change the trigger so that the users will get the contents of the Event ID 560 but not Event ID 64, which is useless because it does not contain any information about the deleted file.
Thanks in advance.
I am trying to set up a trigger that would fire whenever a file (any file) is deleted from a server.
I currently have this:
({File deletion monitoring:eventlog[Security,,,,,,skip].logeventid(560|564)}=1)&({File deletion monitoring:eventlog[Security,,,,,,skip].str(Object Deleted)}=1)
This works fine when it comes to firing a trigger whenever a file is deleted but {ITEM.LASTVALUE} or any other values contain only the value of Event ID 564 which does not contain any information about the deleted file (filename, who deleted etc.) As you may know this information is in a seperate Event ID 560. The only way to identify which Event ID 560 corresponds to which Event 564 is to check Handle IDs. They will be the same in both.
How do I change the trigger so that the users will get the contents of the Event ID 560 but not Event ID 64, which is useless because it does not contain any information about the deleted file.
Thanks in advance.
Comment