One additional note: Because of the way that a system access control list (SACL) is checked, a SUCCESS event may...
only indicate that there was an attempt to delete a file. You may need to look a bit more to determine if the attempt was successful. Numerous software packages can be purchased that will aggregate and search through logs looking for specific events. I don't know how extensive your needs and requirements are, but you might take a look first at some free tools.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.