locked
filtering 2008 R2 event log (security) RRS feed

  • Question

  • 2008 R2 sp1. i've checked several machines, all have the same behavior.

     i'm viewing the Security log. i want to Filter Current Log for a certain event. the event is from Source: Microsoft Windows Security Auditing, and Category: Filtering Platform Connection. i can see one in the log right now.

    1. the Task Category drop-down field is greyed out in the Filter screen. i can't pick a category or type one in.

    2. in the Event Sources drop-down list, i don't see Microsoft Windows Security Auditing. or Windows Security Auditing. or Security Auditing. or Auditing.

    am i missing something? are these the expected behaviors?

     

    Thursday, November 10, 2011 9:30 PM

Answers

  • In event sources you should have: "Microsoft Windows security auditing." (yes, it includes the trailing dot). Note that this will be everything in the security event log...so the only point of specifying this is simply to get the task category filter available. The task category field is not available for use (remains greyed out) until a valid source is chosen, at which point the task categories for that given source are enumerated and presented in that field.


    Brandon Wilson - Premier Field Engineer (Platforms)
    • Marked as answer by Bruce-Liu Tuesday, November 29, 2011 10:15 AM
    Saturday, November 12, 2011 2:37 AM