Re: Export from System Event Log By EventCode

Try these steps first, and if you still get nothing send a screenshot of your Event Log WMI template to [email protected].

Click on a server in Hyena that you know has these events, then go to Tools->Exporter Pro->Export From Selected Objects. Click the Settings button and verify that you have the Event Log WMI export enabled and have the correct settings. Then click Close and Start Export.

Re: Export from System Event Log By EventCode

First thing I do is Click on Tools, Exporter Pro, Run Exporter Pro.

I then select the Configuration file for editing.

Open Export Configuration Properties.

I see under "Enabled Exports", Event Log.

I then Click on Export Properties and then select the WMI tab.

On the WMI tab I have selected the Event Log template.

I then click on Properties.

In here I have copied and pasted your code: Logfile = "Security" AND EventCode = "633" OR EventCode = "644"

I then click OK, OK and then Close.

I then select one of my DC's and then Click on Tools, Exporter Pro, Export From Selected Objects.

The routine runs but nothing is returned.
I have confirmed these events do exist in the Security Event Logs.

Re: Export from System Event Log By EventCode

Give me the exact steps you are taking.

Re: Export from System Event Log By EventCode

Thanks, but I copied and pasted your suggested solution into my config. and it returned nothing. If I run on search of just the Security log I get everything. Permissions are not the issue as I hold Domain Admin rights. Not sure why it worked for you but not for me.

Re: Export from System Event Log By EventCode

Mine worked like this:

Logfile = "Security" AND EventCode = "633" OR EventCode = "644"