I can’t find an answer to this anywhere. How does a file server log events for users connecting to resources? Does the server log a logon event every time a user opens a file in a directory, or should it just log one event for the intitial authentication within a certain time period?
I am seeing a tremendous amount of logon and logoff events for certain user id’s in a very short period of time.
Thanks,