Query reports are not showing proper output for windows event log with given date range.
|Article:TECH171107|||||Created: 2011-10-05|||||Updated: 2012-07-28|||||Article URL http://www.symantec.com/docs/TECH171107|
While querying to windows event logs, generated report doesn’t show exact output as number of events generated on server.
Windows 2000, Windows 2003, Windows 2008
Query may not provide the proper output, due to following reasons.
1. Date range specified in Filter Specification and Scope, verify that date range is properly mentioned in filter specification and Scope, if both the criteria are used at same time. Applying two different date range will cause to wrong output.
2. Verify that logs are present on target server. Event logs can be scheduled for auto archive after specific time or size. This schedule can be done with windows auto archive feature, script or batch file. Due to missing event logs on target server report may show incorrect data.
Article URL http://www.symantec.com/docs/TECH171107