Creating a custom view for windows log based on a "Contains {text}" rule

Posted by jussinen on Server Fault See other posts from Server Fault or by jussinen
Published on 2012-04-02T09:58:59Z Indexed on 2012/04/02 11:33 UTC
Read the original article Hit count: 207

Filed under:

windows-server-2008

|

windows-server

|

event-log

|

auditing

I have a server running Windows Server 2008.

I'm using Windows Server Auditing to check when and by which user a folder is modified to determine who is modifying it as the modifications are causing problems.

I can see the log of the audit when a change is made in the System log.

How do I create a Custom View that will return all events from System log where a certain text (which is the folder name) is present? The create custom view doesn't seem to have that option.

I'm not sure whether it's possible via custom xml query or whether I'll need to export the system log to csv and search in Excel.

John

© Server Fault or respective owner

Related posts about windows-server-2008

Password policy problem windows server 2008

as seen on Server Fault - Search for 'Server Fault'
Hi, I'm creating a domain and I need to make users that can have an empty password but administrators have to comply with password complexity how to I solve this problem? Thanks in advance >>> More
SAP DCOM Connector on Windows Server 2008

as seen on Stack Overflow - Search for 'Stack Overflow'
Does anybody know, if it is possible to use the "old" SAP DCOM Connector on a Windows Server 2008 ? I want to migrate a old ASP Web Solution with DCOM Connection to SAP from Windows 2000 Server to Windows 2008 Server. When I try to install the DCOM Connector I get the Error Message: "Setup could… >>> More
Windows Server 2008 R2: AD Module for Windows PowerShell

as seen on Internet.com - Search for 'Internet.com'
Windows Server 2008 R2 includes a new Active Directory module for Windows PowerShell, a consolidated group of 76 cmdlets that can perform a host of tasks against Active Directory's various services. >>> More
Windows Server 2008 Directory Services, Group Policy Preferences - More Control Panel Settings

as seen on Internet.com - Search for 'Internet.com'
In Windows Server 2008, Group Policy Preferences makes it possible to reap the chief benefits of an Active Directory environment by simplifying client management. Control Panel Settings nodes in the Group Policy Management Editor makes this possible. >>> More
Windows Server 2008 R2: Introducing the AD Administrative Center

as seen on Internet.com - Search for 'Internet.com'
The Active Directory Administrative Center in Windows Server 2008 R2 is a significant improvement over its predecessor. Although not without limitations, it offers beefed-up management of AD objects, new navigation capabilities, better task-based management options, and improvements to the properties… >>> More

Related posts about windows-server

differences in style rendering: windows server 2003 to windows server 2008

as seen on Server Fault - Search for 'Server Fault'
I copied code from our live site (running windows server 2003) to a new QA virtual machine (running windows 2008). When I view the page source info its exactly the same, but the appearance of the sites is very difference. Is this caused by the difference in OS, or am I looking in the wrong place? >>> More
Windows Server 2008 - Windows Server Backup - Email Alerts

as seen on Server Fault - Search for 'Server Fault'
I would like to create a script that emails me when a scheduled daily backup runs. I'd prefer the email to indicate success or failure. I understand that this is not an easy thing to do with Windows Server 2008. Is it possible? If so, how? Thanks >>> More
Can't RDP Into Windows Server After Windows Server Establishes VPN Session

as seen on Server Fault - Search for 'Server Fault'
Hi there. I've setup a Windows 2008 Server in a Cloud Environment. I am able to RDP to this Windows Server ("aka CloudServer") in the Cloud Environment. When I establish PPTP VPN connection from the CloudServer back to our Windows Server ("aka OfficeServer"), my RDP session is dropped and it won't… >>> More
in-place upgrade Windows Server Standard Edition 2003 to Windows Server Enterprise/Datacentre Editio

as seen on Server Fault - Search for 'Server Fault'
I recently asked a question about upgrading from 2003 to 2008, but i realised this is a lot harder to do, the only reason i want to upgrade is to have increase the RAM Windows 2003 Standard Edition R2 only supports 4GB Windows 2003 Enterprise Edition R2 supports up to 32GB Windows 2003 Datacentre… >>> More
Windows Azure: Announcing Support for Windows Server 2012 R2 + Some Nice Price Cuts

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Today we released some great updates to Windows Azure: Virtual Machines: Support for Windows Server 2012 R2 Cloud Services: Support for Windows Server 2012 R2 and .NET 4.5.1 Windows Azure Pack: Use Windows Azure features on-premises using Windows Server 2012 R2 Price Cuts: Up to 22%… >>> More