Live Demo
Free Edition
Download NowObject Access » Object Access Event: 5140
Event ID 5140 – A Network Share Object Was Accessed
| Event ID | 5140 |
| Category | Object Access: File Share |
| Type | Success Audit; Failure Audit |
Whenever a network share object is accessed, event ID 5140 is logged. The access is logged only the first time the attempt is made, i.e., it is logged only once per session.
This event log contains the following information:
- Security ID
- Account Name
- Logon ID
- Object Type
- Source Address
- Source Port
- Share Name
- Share Path
- Access Mask
- Accesses
Why does event ID 5140 need to be monitored?
- To monitor all the accesses and shares of high value computers
- To check if the access is from our internal IP range
- To ensure certain computers do not connect with other specific computers
- To monitor access attempts from a specific IP address
- To monitor specific access types, like "WriteData"
Pro Tip:
ADAudit Plus helps audit all Windows File Server and file share events, thus helping you meet your security, operational, and compliance needs with absolute ease.
Event 5140 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools