Create Reports from Event Logs
I have set up File Access Auditing on a folder. I have created a filter in the Event Viewer to see the events. What I can't figure out is how to have these event logs saved off at a regular interval to a storage location. Also, what is the best way to create reports for management from these event logs? Basically I need to create manager reports for file access in a particular folder.
April 5th, 2011 4:48pm

Use the LOGPARSER tool. One example for File Share auditing would be:

    SELECT EXTRACT_TOKEN(Strings, 1, '|') as User,
           EXTRACT_TOKEN(Strings, 2, '|') as Domain,
           EXTRACT_TOKEN(Strings, 5, '|') as IP,
           SUBSTR(EXTRACT_TOKEN(Strings, 7, '|'), 4) as Share
    FROM Security
    WHERE EventID = 5140 AND Share <> 'IPC$'

or another:

    SELECT Count(*) as Count,
           EXTRACT_TOKEN(Strings, 1, '|') as User,
           SUBSTR(EXTRACT_TOKEN(Strings, 7, '|'), 4) as Share
    FROM Security
    WHERE EventID = 5140 AND Share <> 'IPC$'
    GROUP BY Share, User
    ORDER BY Count, User

ondrej.
April 6th, 2011 5:02am

That sure is a fancy script, but doesn't help. I know how to parse the files for the info I need. The real question, I guess, is "How do I save off an event log before it rolls over?"
April 6th, 2011 11:37am

This has been resolved.
April 8th, 2011 12:48pm
