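In Windows Event Viewer, create a custom filter and choose to write the filter condition manually.

XML filters

Some examples for mstsc logon events; adapt them by following the same pattern.

Events that have an IpAddress

```xml
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[EventData[Data[@Name='IpAddress']!='-']]</Select>
  </Query>
</QueryList>
```

Ordinary network logon events

```xml
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[EventData[Data[@Name='LogonType']=3]]</Select>
  </Query>
</QueryList>
```

Ordinary interactive logon events

```xml
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[EventData[Data[@Name='LogonType']=2]]</Select>
  </Query>
</QueryList>
```

PS: Because of a bug, Windows 10 version 1903 cannot use the UI custom filter; the only option is to run commands from the command prompt to output the log results. It is a trap, so don't go upgrading on your own initiative when there is no need.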
Unfinished, to be continued.
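For the command-line route mentioned in the PS note, the same XML filters can be passed to `Get-WinEvent -FilterXml`. This is an added example, not part of the original post: the function name `Get-LogonEventByType` and the `TargetUserName` field are assumptions, and reading the Security log requires an elevated session.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
function Get-LogonEventByType {
    param(
        [Parameter(Mandatory)][int]$LogonType,   # 3 = network, 2 = interactive (values from the post)
        [int]$MaxEvents = 200                    # hypothetical default, newest events first
    )

    # Same structured query as in the post, with the IpAddress and LogonType tests combined.
    $filter = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*[EventData[Data[@Name='IpAddress']!='-'] and EventData[Data[@Name='LogonType']=$LogonType]]</Select>
  </Query>
</QueryList>
"@

    # Get-WinEvent writes an error if nothing matches; that is left visible on purpose.
    Get-WinEvent -FilterXml ([xml]$filter) -MaxEvents $MaxEvents |
        ForEach-Object {
            # Named EventData fields are only reachable through the event's XML form.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                EventId     = $_.Id
                User        = $data['TargetUserName']   # assumed field; empty if the event lacks it
                LogonType   = $data['LogonType']
                IpAddress   = $data['IpAddress']
            }
        }
}

# Network logons that carry a source address, summarised per address and account.
Get-LogonEventByType -LogonType 3 |
    Group-Object IpAddress, User |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Grouping by source address and account makes an unfamiliar address or an unexpected account stand out faster than scrolling the raw event list.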