Event log Flitering

Sometimes the standard event log filtering just isn’t enough, you need and more refined search criteria.

I find the best way to do this it Is to select the current event log category that you wish to search then filter current log.

This adds all the search criteria and selection criteria that you need. You can then begin to edit the query using XML tab. You will see something such as the following:

In that list you will see a select statement between the two >< you will see an *. Here is where you enter your select query.

Individual queries are formed by Square parentheses below you will see some examples:

The above example will give a list of events where a group change has been made to domain Admins.

* if you wish to target specific data viewing an event in the event log and check the XML data Will give you the information.

Leave a Reply

Your email address will not be published.