Below is some output from a script I was playing with. At the bottom you see these %%numbers and I'm trying to figure out how to make them more meaningful. I am converting them manually right now but someone might know a function or a place in the registry to get them. Thanks in advance for any help offered. Thanks.
--------------------------
EventType -> Failure Audit
Computer -> 78CTTM4
RecordNumber -> 74
Category -> 3
Source -> Security
Data ->
EventID -> 560
Length -> 0
TimeGenerated -> 1093628015
Timewritten -> 1093628015
Strings -> Security
File
C:\zDoD\dummy
-
0
220923
1140
ahug
ACCT05
(0x0,0xC1C5)
-
-
-
%%1537
%%1541
%%4423
-
--notes--
Regular Expression
1537|4417|4418|4420|4424
Where:
1537 = Delete
1538 = READ_CONTROL
1541 = Synchronize
4416 = ReadData (or List Directory)
4417 = WriteData (or Add File)
4418 = AppendData (or AddSubdirectory or CreatePipeInstance)
4419 = ReadEA
4420 = WriteEA
4423 = ReadAttributes
4424 = WriteAttributes
Info
String0 = Object Server :
String1 = Object Type :
String2 = File Name :
String3 = New Handle ID :
String4 = Operation ID Start
String5 = Operation ID End
String6 = Process ID
String7 = Primary User Name :
String8 = Primary Domain :
String9 = Primary Logon ID :
String10 = Client User Name :
String11 = Client Domain :
String12 = Client Logon ID :
String13 = Accesses :
String14 = Privileges :
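
One way to do the manual conversion in code, as an added example that is not part of the original post: it labels the 15 Strings of an event 560 record with the String0..String14 names above, translates the %%codes with the table from the notes, and applies the post's regular expression to flag delete/write accesses. The function names are hypothetical, the table holds only the codes listed in the notes, and the accesses are assumed to arrive in one whitespace-separated string.

```python
import re

# Access message IDs and names, taken from the notes in the post.
ACCESS_NAMES = {
    1537: "Delete",
    1538: "READ_CONTROL",
    1541: "Synchronize",
    4416: "ReadData (or List Directory)",
    4417: "WriteData (or Add File)",
    4418: "AppendData (or AddSubdirectory or CreatePipeInstance)",
    4419: "ReadEA",
    4420: "WriteEA",
    4423: "ReadAttributes",
    4424: "WriteAttributes",
}
# The post's regular expression: accesses that delete or modify the object.
MODIFYING = re.compile(r"^(?:1537|4417|4418|4420|4424)$")
# String0..String14 labels for event 560, from the "Info" list in the post.
FIELDS = ["Object Server", "Object Type", "File Name", "New Handle ID",
          "Operation ID Start", "Operation ID End", "Process ID",
          "Primary User Name", "Primary Domain", "Primary Logon ID",
          "Client User Name", "Client Domain", "Client Logon ID",
          "Accesses", "Privileges"]

def expand_codes(text):
    """Replace each %%NNNN with its name; unknown codes stay as written."""
    return re.sub(r"%%(\d+)",
                  lambda m: ACCESS_NAMES.get(int(m.group(1)), m.group(0)), text)

def decode_560(strings):
    """Label the Strings of one event 560 record and translate %%codes."""
    if len(strings) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} strings, got {len(strings)}")
    record = dict(zip(FIELDS, strings))
    codes = re.findall(r"%%(\d+)", record["Accesses"])
    record["Accesses"] = [expand_codes("%%" + c) for c in codes]
    record["Modifying"] = any(MODIFYING.match(c) for c in codes)
    return record

# Constructed sample: the Strings values of the record shown in the post.
SAMPLE = ["Security", "File", r"C:\zDoD\dummy", "-", "0", "220923", "1140",
          "ahug", "ACCT05", "(0x0,0xC1C5)", "-", "-", "-",
          "%%1537\n%%1541\n%%4423", "-"]

if __name__ == "__main__":
    for key, value in decode_560(SAMPLE).items():
        print(f"{key:20} {value}")
```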

