Windows/EventViewer: Unterschied zwischen den Versionen

Aus SchnallIchNet
Wechseln zu: Navigation, Suche
(Die Seite wurde neu angelegt: „ == Filter Event-Log == === Filter by username === Get all Logon (4624) and Logoff (4634) Events from Security Eventlog<br/><br/> # Filter Current Log # Sw…“)
 
(kein Unterschied)

Aktuelle Version vom 14. Juni 2018, 07:44 Uhr

Filter Event-Log

Filter by username

Get all Logon (4624) and Logoff (4634) Events from Security Eventlog

  1. Filter Current Log
  2. Switch to XML Tab
  3. Tick: 'Edit query manually' checkbox
  4. add the following to the <Select></Select> Tag: and EventData[Data[@Name='TargetUserName']='USERNAME']
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[System[(EventID=4624 or EventID=4634)] and EventData[Data[@Name='TargetUserName']='USERNAME']]</Select>
  </Query>
</QueryList>
Von „https://schnallich.net/index.php?title=Windows/EventViewer&oldid=1577