A personal repository of technical notes. - CSC

Windows Event Viewer Filter XML

Windows 7 XML Sample

<QueryList>
  <!-- Security log: 4624 = successful logon, 4625 = failed logon, 4634 = logoff.
       Matches events for domain 'Abcd' or 'XYZ', excluding user 'U123'. -->
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(
        EventID=4624
        or EventID=4625
        or EventID=4634
      )]]
      and
      *[EventData[(
        (
          Data[@Name='TargetDomainName'] = 'Abcd'
          or Data[@Name='AccountDomain'] = 'XYZ'
        )
        and
        (
          Data[@Name='TargetUserName'] != 'U123'
        )
      )]]
    </Select>
  </Query>
</QueryList>
