
Event filtering for server 2008 events

Created: 05 Oct 2013 • Updated: 06 Oct 2013 | 5 comments
This issue has been solved. See solution.

Hi,

I am trying to filter out Windows Server 2008 events by username, but I am not getting the expected results.

What is the standard way to do this type of event filtering?

 



Avkash K's picture

Hi,

Can you please tell us what exact query you are trying to run here?

Regards,

Avkash K

Avkash K's picture

You can simply use the "Username= or username contains" type of query.

Please refer to the article below for more details.

http://www.symantec.com/docs/TECH165555

Regards,

Avkash K

SOLUTION
Security_exp's picture

Thanks for the reply, I'll try this and let you know.

mathell's picture

It isn't going to work very well.  You'll get some, you'll miss many. The Windows parsers are absolute junk.

Security_exp's picture

Agree with Mathell...

But I tried a regex expression as suggested by Avkash K, and the results are far better than the previous ones.

Thank you guys...