Re: Export from System Event Log By EventCode

Mine worked like this:

Logfile = "Security" AND EventCode = "633" OR EventCode = "644"

Re: Export from System Event Log By EventCode

Thanks, but I copied and pasted your suggested solution into my config. and it returned nothing. If I run on search of just the Security log I get everything. Permissions are not the issue as I hold Domain Admin rights. Not sure why it worked for you but not for me.

Re: Export from System Event Log By EventCode

Give me the exact steps you are taking.

Re: Export from System Event Log By EventCode

First thing I do is Click on Tools, Exporter Pro, Run Exporter Pro.

I then select the Configuration file for editing.

Open Export Configuration Properties.

I see under "Enabled Exports", Event Log.

I then Click on Export Properties and then select the WMI tab.

On the WMI tab I have selected the Event Log template.

I then click on Properties.

In here I have copied and pasted your code: Logfile = "Security" AND EventCode = "633" OR EventCode = "644"

I then click OK, OK and then Close.

I then select one of my DC's and then Click on Tools, Exporter Pro, Export From Selected Objects.

The routine runs but nothing is returned.
I have confirmed these events do exist in the Security Event Logs.

Re: Export from System Event Log By EventCode

Try these steps first, and if you still get nothing send a screenshot of your Event Log WMI template to [email protected].

Click on a server in Hyena that you know has these events, then go to Tools->Exporter Pro->Export From Selected Objects. Click the Settings button and verify that you have the Event Log WMI export enabled and have the correct settings. Then click Close and Start Export.