
Filter/Search Window

This window lets you specify the criteria for the Filter or Find command.

Apply filter to - defines which views the filter affects:
  • Active event log view - if checked, the filter is applied to the current event log view only.
  • Event log view(s) on your choice - lets you select the event views to filter.

Event Types:

  • Information - if checked, Event Log Explorer will display/search for events logged by successful operations of major services.
  • Warning - if checked, Event Log Explorer will display/search for events that are not necessarily significant but may cause future problems.
  • Error - if checked, Event Log Explorer will display/search for events logged by significant problems.
  • Audit Success - if checked, Event Log Explorer will display/search for security access attempts that were successful.
  • Audit Failure - if checked, Event Log Explorer will display/search for security access attempts that failed.

Source - Event Log Explorer will display/search for events logged by the specified software.

Category - Event Log Explorer will display/search for events of a certain category.

User - Event Log Explorer will compare the User column with the specified text. The comparison is not case-sensitive. If the Substring check box is checked, Event Log Explorer will display/search for events that contain the criteria text in the User column.

Computer - Event Log Explorer will compare the Computer column with the specified text. The comparison is not case-sensitive. If the Substring check box is checked, Event Log Explorer will display/search for events that contain the criteria text in the Computer column.

Event IDs - Event Log Explorer will display/search for events that match the specified Event IDs. To specify multiple IDs, use a comma as the delimiter. To specify a range of IDs, use "-".
You can use "!" to specify an exception list of events. All events and event ranges following "!" are treated as exceptions. E.g. 10,100-1000,2000-5000!250,500-600,3000-3200 is equivalent to 10, 100-249,251-499,601-1000, 2000-2999,3201-5000
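
The Event IDs syntax above can be checked offline before a filter is trusted for triage. The following Python sketch is an added example, not part of Event Log Explorer; the function names are hypothetical. It expands an "include!exclude" expression into the effective inclusive ranges:

```python
def parse_ranges(part):
    """Turn '10,100-1000' into a list of inclusive (low, high) tuples."""
    ranges = []
    for item in part.split(","):
        item = item.strip()
        if not item:
            continue
        low, sep, high = item.partition("-")
        lo = int(low)
        hi = int(high) if sep else lo
        if lo > hi:
            raise ValueError(f"descending range: {item!r}")
        ranges.append((lo, hi))
    return ranges


def effective_ranges(expr):
    """Expand an 'include!exclude' Event ID expression into the ranges left
    after the exceptions are cut out. The page does not describe an empty
    include list; this sketch then returns no ranges (assumption)."""
    include_part, _, exclude_part = expr.partition("!")
    included = sorted(parse_ranges(include_part))
    excluded = sorted(parse_ranges(exclude_part))
    result = []
    for lo, hi in included:
        cur = lo  # lowest ID of this range not yet emitted or excluded
        for ex_lo, ex_hi in excluded:
            if ex_hi < cur or ex_lo > hi:
                continue  # exception does not touch the remaining part
            if ex_lo > cur:
                result.append((cur, ex_lo - 1))
            cur = max(cur, ex_hi + 1)
        if cur <= hi:
            result.append((cur, hi))
    return result


def id_matches(event_id, expr):
    """True if event_id is selected by the expression."""
    return any(lo <= event_id <= hi for lo, hi in effective_ranges(expr))


if __name__ == "__main__":
    # The expression used as the example in the help text.
    print(effective_ranges("10,100-1000,2000-5000!250,500-600,3000-3200"))
```
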

Text in description - Event Log Explorer will display/search for events that contain the specified text in the event description. Tick the RegExp checkbox if Text in description is a regular expression.

Filter by description params - you can filter the security log by description parameters.

  E.g. you have an event (Event ID 4688) with the description:

A new process has been created.
Subject:
        Security ID:            S-1-5-21-1388292303-2233603710-2753204785-1005
        Account Name:           Bob
        Account Domain:         FSPRO
        Logon ID:               0x1af38
Process Information:
        New Process ID:         0x23b0
        New Process Name:       C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE
        Token Elevation Type:   TokenElevationTypeLimited (3)
        Creator Process ID:     0x8fc
    

Let's say that we want to get all events where user Bob starts Excel.

In this case our filter by params should look like this:

Name                                  Operator  Value
Subject\Account Name                  Equal     Bob
Process Information\New Process Name  Contains  excel.exe


Description parameter matching is not case-sensitive.
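
To see what such a filter evaluates, the following Python sketch (an added example, not Event Log Explorer code) parses the 4688 description shown above into Section\Field parameters and applies the two conditions from the table. Only the Equal and Contains operators shown on this page are implemented; values are compared without regard to case, and matching parameter names exactly is an assumption of this sketch.

```python
# Event description copied from the example on this page.
SAMPLE_4688 = r"""A new process has been created.
Subject:
        Security ID:            S-1-5-21-1388292303-2233603710-2753204785-1005
        Account Name:           Bob
        Account Domain:         FSPRO
        Logon ID:               0x1af38
Process Information:
        New Process ID:         0x23b0
        New Process Name:       C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE
        Token Elevation Type:   TokenElevationTypeLimited (3)
        Creator Process ID:     0x8fc
"""


def parse_description(text):
    """Map 'Section\\Field' to its value for every 'Field: value' line."""
    params, section = {}, None
    for line in text.splitlines():
        name, sep, value = line.strip().partition(":")
        if not sep:
            continue              # free text such as the first sentence
        value = value.strip()
        if not value:
            section = name        # a line like "Subject:" opens a section
        elif section:
            params[f"{section}\\{name}"] = value
    return params


OPERATORS = {
    "Equal": lambda actual, wanted: actual == wanted,
    "Contains": lambda actual, wanted: wanted in actual,
}


def description_matches(text, conditions):
    """True only if every (name, operator, value) condition holds."""
    params = parse_description(text)
    for name, op, wanted in conditions:
        actual = params.get(name)
        if actual is None or not OPERATORS[op](actual.lower(), wanted.lower()):
            return False
    return True


BOB_STARTS_EXCEL = [
    (r"Subject\Account Name", "Equal", "Bob"),
    (r"Process Information\New Process Name", "Contains", "excel.exe"),
]

if __name__ == "__main__":
    print(description_matches(SAMPLE_4688, BOB_STARTS_EXCEL))
```

Contains matches the text anywhere in the value, so the second condition also selects any other executable whose path includes excel.exe; add a condition on the directory part of the path when only the Office binary is of interest.
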

 

Date - if checked, Event Log Explorer will display/search for events logged between From and To dates.

Time - if checked, Event Log Explorer will display/search for events logged between From and To times.

Separately - if not checked, Event Log Explorer will behave like the standard Windows Event Viewer: it will display/search for events that fall into the date-time interval (from From Date, Time to To Date, Time).
If checked, Event Log Explorer will display/search for events that fall into the date interval (from From Date to To Date) and also fall into the time interval (from From Time to To Time). This can be helpful, for example, when you want to check the events that were generated last week during working hours.

Display events for the last dd days yy hours - Event Log Explorer will display/search for recent events logged during the last dd days and yy hours. Set these values to 0 to display all events.

Exclude - you can enable the Exclude option for each clause. E.g. if you want to display all events except spooler events, select "Spooler" in the Source drop-down list and enable the Exclude option next to the Source drop-down list.

Load button - allows you to load a saved filter/search criteria.

Save button - saves the current filter/search criteria to a file.

OK button - closes this window and starts the filtering/search process according to the specified criteria.

Cancel button - closes this window.

See also:

Filtering events in Event Log Explorer

 

© 2005-2015 FSPro Labs. All rights reserved.
