Unsolved

September 11th, 2019 08:00

Protocol Audit Logs in Isilon

Hello All,

A deletion issue is reported and I am trying to understand the protocol audit logs. With so many codes and unknown codes, it is becoming exhausting to go through the tons of lines generated. Could someone please help me to understand how to read this?

• Payload Type: Does it imply any type of activity like delete/rename? Can I have a list of functions against the alphanumeric string? Where can I find this?

• "desiredAccess":1048704: Does this imply the nature of the request placed by the user? Is the number in decimal format, and do we have to convert it into a hexadecimal number? If so, do I have to consider the entire number, and is it associated with the Microsoft SMB mask (http://msdn.microsoft.com/en-us/library/ff469915.aspx)? Post conversion, in many cases the result is not matching with the listed numbers. Could you please help me to understand this?

• What are createdispo and fsId?

• The file name is in the form of an alphanumeric string? Is it the media's internal id, i.e. the id allocated once written into Isilon storage? How can we index it to the original name of the file?

It would be really helpful if someone can please translate these for me.

Thanks.
No Responses!
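As an added example (not part of the original post, and not Dell or Isilon code), the sketch below treats the decimal desiredAccess value from the post as a bitmask and names each set bit. It assumes the field carries the SMB2 CREATE DesiredAccess mask and that createDispo carries the SMB2 CreateDisposition; the sample records are constructed and use only the key names and the value 1048704 from the post.

```python
import json

# Bits of the MS-SMB2 access mask for files, pipes and printers.
ACCESS_BITS = {
    0x00000001: "FILE_READ_DATA", 0x00000002: "FILE_WRITE_DATA",
    0x00000004: "FILE_APPEND_DATA", 0x00000008: "FILE_READ_EA",
    0x00000010: "FILE_WRITE_EA", 0x00000020: "FILE_EXECUTE",
    0x00000040: "FILE_DELETE_CHILD", 0x00000080: "FILE_READ_ATTRIBUTES",
    0x00000100: "FILE_WRITE_ATTRIBUTES", 0x00010000: "DELETE",
    0x00020000: "READ_CONTROL", 0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER", 0x00100000: "SYNCHRONIZE",
    0x01000000: "ACCESS_SYSTEM_SECURITY", 0x02000000: "MAXIMUM_ALLOWED",
    0x10000000: "GENERIC_ALL", 0x20000000: "GENERIC_EXECUTE",
    0x40000000: "GENERIC_WRITE", 0x80000000: "GENERIC_READ",
}
# SMB2 CreateDisposition values; assumed to be what createDispo holds.
CREATE_DISPO = {0: "FILE_SUPERSEDE", 1: "FILE_OPEN", 2: "FILE_CREATE",
                3: "FILE_OPEN_IF", 4: "FILE_OVERWRITE", 5: "FILE_OVERWRITE_IF"}
# DELETE | FILE_DELETE_CHILD | GENERIC_ALL: opens worth isolating in a deletion review.
DELETE_RIGHTS = 0x00010000 | 0x00000040 | 0x10000000

def decode_access(mask):
    """Split an access mask into flag names plus any bits the table does not name."""
    names = [name for bit, name in sorted(ACCESS_BITS.items()) if mask & bit]
    known = sum(bit for bit in ACCESS_BITS if mask & bit)
    return names, mask & ~known

def explain(line):
    """Decode one JSON record; key case is normalised (createdispo/createDispo)."""
    rec = {k.lower(): v for k, v in json.loads(line).items()}
    mask = int(rec["desiredaccess"])
    names, leftover = decode_access(mask)
    return {
        "hex": f"0x{mask:08X}",
        "flags": names,
        "unknown_bits": leftover,
        "createDispo": CREATE_DISPO.get(rec.get("createdispo"), "unknown"),
        "can_delete": bool(mask & DELETE_RIGHTS),
    }

# Constructed sample records, not real audit output.
SAMPLES = [
    '{"desiredAccess": 1048704, "createDispo": 1}',
    '{"desiredAccess": 1114240, "createDispo": 1}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(explain(sample))
```

A non-zero unknown_bits value means the number contains bits this table does not name, which is one way a converted value can fail to match any single listed constant.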
