0

I enabled Object Access auditing on my Windows 10 laptop using the instructions on this page. I then enabled auditing on a file (i.e. Sleep Times.csv). I accessed the file and manually looked through the Windows Logs > Security events in Event Viewer. I found that an event was generated.

I would like to execute a query that shows me all of the events where Object Name == ...\Sleep Times.csv. How do I do this?

1 Answer

1

You can try the following using command prompt as an administrator:

wevtutil qe Security | findstr /C:"Sleep Times"
  • I think /C: is causing the error message FIND: Invalid switch
    – Nathan
    Commented Mar 26, 2021 at 21:27
  • 1
    @Nathan Need to use findstr not find. Commented Mar 26, 2021 at 21:34
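
A structured alternative to matching on raw text, as an added example that is not part of the original answer: it reads the Object Name field of each event and compares it against the file name. It assumes an elevated PowerShell prompt and that the audited access was logged as event ID 4656 or 4663; the wildcard stands in for the path the question elides.

```powershell
# Added example, not from the original answer. Run in an elevated PowerShell session.
# Wildcard pattern: the question elides the directory, so only the file name is matched.
$pattern = '*\Sleep Times.csv'

# Assumption: the file-system auditing events of interest are
# 4656 (handle requested) and 4663 (access attempted). Both carry ObjectName.
$filter = @{ LogName = 'Security'; Id = 4656, 4663 }

Get-WinEvent -FilterHashtable $filter |
    ForEach-Object {
        # Turn the named <Data> elements of the event into a lookup table.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        # Keep only events whose Object Name field matches the file.
        if ($data['ObjectName'] -like $pattern) {
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                EventId     = $_.Id
                User        = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Process     = $data['ProcessName']
                ObjectName  = $data['ObjectName']
                AccessMask  = $data['AccessMask']
            }
        }
    } |
    Format-Table -AutoSize
```

Because the comparison is made on the ObjectName field alone, events that mention the file name elsewhere (for example in a process command line) are not returned.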
