Windows/EventViewer

From SchnallIchNet
Revision as of 14 June 2018, 07:44 by Cbs (page created)


Filter Event-Log

Filter by username

Get all logon (4624) and logoff (4634) events for one user from the Security event log.

  1. Choose 'Filter Current Log'
  2. Switch to the XML tab
  3. Tick the 'Edit query manually' checkbox
  4. Add the following inside the <Select></Select> tag: and EventData[Data[@Name='TargetUserName']='USERNAME']

The complete query, where USERNAME stands for the account name to filter on:

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[(EventID=4624 or EventID=4634)] and EventData[Data[@Name='TargetUserName']='USERNAME']]</Select>
  </Query>
</QueryList>
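
The same filter run from PowerShell, as an added example that is not part of the original page: it passes the query above to Get-WinEvent and then pairs each logon with its logoff through the TargetLogonId field that both events carry. The variable names are this example's own, and USERNAME remains a placeholder.

```powershell
# Added example, not from the original page. Run from an elevated PowerShell
# session: reading the Security log requires administrative rights.
$UserName = 'USERNAME'   # placeholder, same as in the query above

# Same XPath as the Event Viewer filter, passed as a structured XML query.
# $UserName is inserted as-is, so it must not contain a single quote.
$query = [xml]@"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[(EventID=4624 or EventID=4634)] and EventData[Data[@Name='TargetUserName']='$UserName']]</Select>
  </Query>
</QueryList>
"@

# Get-WinEvent raises an error when nothing matches; treat that as an empty result.
$events = @(Get-WinEvent -FilterXml $query -ErrorAction SilentlyContinue)

# Flatten each record: the named <Data> fields are read from the event XML.
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        EventId   = $e.Id
        LogonType = $data['LogonType']
        LogonId   = $data['TargetLogonId']
        Source    = $data['IpAddress']      # present on 4624 only
    }
}

# Pair each logon with the logoff carrying the same TargetLogonId.
# Logon IDs are only unique between reboots, so keep the time window short.
$rows | Group-Object LogonId | ForEach-Object {
    $on  = $_.Group | Where-Object EventId -eq 4624 | Sort-Object Time | Select-Object -First 1
    $off = $_.Group | Where-Object EventId -eq 4634 | Sort-Object Time | Select-Object -Last 1
    [pscustomobject]@{
        LogonId   = $_.Name
        LogonType = if ($on) { $on.LogonType } else { $off.LogonType }
        Source    = if ($on) { $on.Source }
        Logon     = if ($on) { $on.Time }
        Logoff    = if ($off) { $off.Time }
    }
} | Sort-Object Logon | Format-Table -AutoSize
```

A row with an empty Logoff column is a session that was still open, or whose logoff event was not recorded, when the log was read.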