need help reading security logs with file/folder auditing data...


Hello everybody,

I enabled file/folder auditing on one of our network shares. Now I get security events with the following information. I just want to learn how to read them correctly for when I am asked who has modified, deleted or moved something.

I am pasting an example of one of the events:

Event Type: Success Audit

Event Source: Security

Event Category: Object Access

Event ID: 560

Date: 4/23/2007

Time: 11:07:56 AM

User: NEWYORK\MRenjifo

Computer: BANSRV02

Description:

Object Open:

Object Server: Security

Object Type: File

Object Name: D:\Arch\26085.100 - TV Studio\Arch\Plans\X26085-FP01.dwg

Handle ID: 6556

Operation ID: {0,647890796}

Process ID: 4

Image File Name:

Primary User Name: BANSRV02$

Primary Domain: NEWYORK

Primary Logon ID: (0x0,0x3E7)

Client User Name: MRenjifo

Client Domain: NEWYORK

Client Logon ID: (0x0,0x267A22BB)

Accesses: READ_CONTROL

ReadData (or ListDirectory)

WriteData (or AddFile)

AppendData (or AddSubdirectory or CreatePipeInstance)

ReadEA

WriteEA

ReadAttributes

WriteAttributes

I see the folder/file path, but what about all that info at the bottom, under "Accesses:"?

Read, write, append, readea, writeea, etc....

Can someone help me out in being able to understand these?!?!

Thanks,

ceez
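
One way to read the event quoted above, as an added example that is not part of the original post: a Python parser for the Event ID 560 description that pulls out the client user, the object, and the access list. Event 560 records the access rights requested when the handle was opened, not the operations later performed with it; the `MODIFY_RIGHTS` grouping and the function names are this example's own assumptions.

```python
import re

# Constructed sample: Description text of the Event ID 560 record quoted in the post.
SAMPLE_560 = r"""Object Open:
Object Type: File
Object Name: D:\Arch\26085.100 - TV Studio\Arch\Plans\X26085-FP01.dwg
Primary User Name: BANSRV02$
Primary Domain: NEWYORK
Client User Name: MRenjifo
Client Domain: NEWYORK
Accesses: READ_CONTROL
ReadData (or ListDirectory)
WriteData (or AddFile)
AppendData (or AddSubdirectory or CreatePipeInstance)
ReadEA
WriteEA
ReadAttributes
WriteAttributes
"""

# Assumption: grouping these access names as "can change the object" is this
# example's own triage choice, not an official Windows category.
MODIFY_RIGHTS = {"WriteData", "AppendData", "WriteEA", "WriteAttributes",
                 "DELETE", "DeleteChild", "WRITE_DAC", "WRITE_OWNER"}

def parse_560(description):
    """Return (fields, accesses); blank lines from forum pastes are ignored."""
    fields, accesses, in_accesses = {}, [], False
    for line in (raw.strip() for raw in description.splitlines()):
        if not line:
            continue
        m = re.match(r"([^:]+):\s*(.*)$", line)
        if m:  # "Key: value" line; any key other than Accesses ends the access list
            key, line = m.group(1), m.group(2)
            fields[key] = line
            in_accesses = key == "Accesses"
        if in_accesses and line:
            accesses.append(line.split(" (")[0])  # drop "(or ListDirectory)" aliases
    return fields, accesses

def summarize(description):
    fields, accesses = parse_560(description)
    # Over a share, Client fields name the impersonated remote user; Primary
    # fields name the account the serving process runs as (here BANSRV02$).
    user, domain = fields.get("Client User Name", "-"), fields.get("Client Domain", "-")
    if user in ("", "-"):
        user, domain = fields.get("Primary User Name", ""), fields.get("Primary Domain", "")
    return {"who": f"{domain}\\{user}", "object": fields.get("Object Name", ""),
            "requested": accesses,
            "modify_capable": [a for a in accesses if a in MODIFY_RIGHTS]}
```
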
