Memorise

Archive for March 19th, 2012

Windows Event Viewer CUSTOM XML FILTER

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[EventData[Data and (Data="swilkinson")]]</Select>
  </Query>
</QueryList>

Here are examples of simple custom filters in Windows Event Log:

Select all events in the Security Event Log where the account name involved (TargetUserName) is “AUser”:

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[EventData[Data[@Name="TargetUserName"] and (Data="AUser")]]</Select>
  </Query>
</QueryList>

Select all events in the Security Event Log where the string “AUser” […]
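The TargetUserName filter above combines two independent tests inside EventData: a Data element named TargetUserName exists, and some Data element equals the value. The following added example (not part of the original post) models that predicate in Python next to the stricter form `Data[@Name="TargetUserName"]="AUser"`, so the difference in what gets selected is visible. The events are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample events (not real log data), trimmed to the fields used.
SAMPLE_EVENTS = """<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <Event><System><EventID>4624</EventID></System>
    <EventData>
      <Data Name="SubjectUserName">SYSTEM</Data>
      <Data Name="TargetUserName">AUser</Data>
    </EventData></Event>
  <Event><System><EventID>4720</EventID></System>
    <EventData>
      <Data Name="SubjectUserName">AUser</Data>
      <Data Name="TargetUserName">NewAccount</Data>
    </EventData></Event>
  <Event><System><EventID>4634</EventID></System>
    <EventData>
      <Data Name="TargetUserName">Other</Data>
    </EventData></Event>
</Events>"""


def _data_nodes(event):
    return event.findall("e:EventData/e:Data", NS)


def loose_match(event, name, value):
    """EventData[Data[@Name=name] and (Data=value)]: the two tests are independent."""
    nodes = _data_nodes(event)
    has_named = any(d.get("Name") == name for d in nodes)
    any_equals = any((d.text or "") == value for d in nodes)
    return has_named and any_equals


def strict_match(event, name, value):
    """EventData[Data[@Name=name]=value]: the named field itself must equal value."""
    return any(d.get("Name") == name and (d.text or "") == value
               for d in _data_nodes(event))


def matching_ids(predicate, name, value, xml_text=SAMPLE_EVENTS):
    """Return the EventIDs of the sample events the predicate selects."""
    root = ET.fromstring(xml_text)
    return [ev.findtext("e:System/e:EventID", namespaces=NS)
            for ev in root.findall("e:Event", NS)
            if predicate(ev, name, value)]
```

With the sample data, the loose form also selects the 4720 event, where AUser is the SubjectUserName rather than the TargetUserName.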