Event Details
User Activity->Object Access->File System Object Access->InTrust Plug-in for File Access->File Object Access->EventID 769 - File read.
EventID 769 - File read.
 Sample: 
Event Type:     SuccessAudit
Event Source:   Quest File Access Audit Source
Event Category: Remote Access
Event ID:       769
Date:           10/28/2009
Time:           09:58:38
User:           RESEARCH\CBrown
Computer:       SERVER
Description:    
File read: 

	User Name: CBrown 

	User Domain: RESEARCH 

	User Logon ID: (0x0,0xC2252) 

	User IP Address: 10.0.0.1 

	File Path: C:\documents\Compaign.doc 

	Data Read: 0x00000000 - 0x000000A5 (165 Bytes) 

	Transaction ID:  

	Shadow Copy:
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Quest File Access Audit
Filtering Field Equals to Value
Category ITFA:Remote Access
Source Quest File Access Audit Source
EventId 769
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime 10.10.2000 19:00:00
Who Account or user name under which the activity occured. User Name CBrown
What The type of activity occurred (e.g. Logon, Password Changed, etc.) "File System Object Read" File System Object Read
Where The name of the workstation/server where the activity was logged. Computer DC1
Where From The name of the workstation/server where the activity was initiated from. User IP Address 10.0.0.1
Severity Specify the seriousness of the event. "Medium" Medium
WhoDomain -
WhereDomain -
Result Successful or Failed "Successful" Successful
Object Name File Path C:\documents\Compaign.doc
Object Type "File" File
Whom -
Access Type Category AttestationReview
Shadow Copy Shadow Copy
Comments
You must be logged in to comment