Tweet
Hi,
am trying to use Exporter Pro to extract out all the direct logons to our servers. These would be Event IDs 528 or 540 with an Event Type of 2.
I have created an EP Config with Enabled Exports of Event Log.
I have a WMI Class Name entry of Win32_NTLogEvent and a number of Query Properties including ComputerName, EventCode, EventType amongst many others.
In the WMI 'Where' Clause field I currently have EventCode = 528. Purely for a test, but am recieving no results from that query on servers that I know that I have definitely logged in directly to.
So two questions really.
1. What might I be doing wrong so that I am getting no results.
2. In the event that I do get results, what would I put in the WMI 'Where' Clause field to ensure that I only get EventCode's 528 or 540 and EventType 2.
Many Thanks
am trying to use Exporter Pro to extract out all the direct logons to our servers. These would be Event IDs 528 or 540 with an Event Type of 2.
I have created an EP Config with Enabled Exports of Event Log.
I have a WMI Class Name entry of Win32_NTLogEvent and a number of Query Properties including ComputerName, EventCode, EventType amongst many others.
In the WMI 'Where' Clause field I currently have EventCode = 528. Purely for a test, but am recieving no results from that query on servers that I know that I have definitely logged in directly to.
So two questions really.
1. What might I be doing wrong so that I am getting no results.
2. In the event that I do get results, what would I put in the WMI 'Where' Clause field to ensure that I only get EventCode's 528 or 540 and EventType 2.
Many Thanks
Comment