66 questions
0 votes, 0 answers, 53 views
Long XPATH / structured XML filter has a huge performance hit
I have been trying to minimize the logs sent to SIEM by filtering them at the source.
You can find the filter I used below. It is long. Instead of using a long <Select> statement with inverted ...
0 votes, 3 answers, 771 views
PowerShell: filtering out events from certain process
I have a task that is quite usual for every sysadmin: to audit access to certain folders on a fileserver during the last, e.g., 1 day. But in addition I need to rule out access attempts from certain processes.
What ...
0 votes, 1 answer, 1k views
Get EventData from Get-WinEvent from File - How to group by EventData.Data?
An EventLog was exported from a server to a file named Exported_ErrorLog.evtx.
I would like to
filter all entries created in 2023
group by Text <EventData><Data> (see xml below)
and count
...
-2 votes, 1 answer, 1k views
Error with Event ID : 1108 due to Event ID : 4688
The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
None of my process creation events are being logged. All these logs ...
0 votes, 0 answers, 434 views
How to read EventViewer logs of remote machine using C++?
It is about collecting Event Viewer logs from the remote machine. I have tried the Event Logging API so far. Though it works well when reading logs from the localhost, it failed to read from remote ...
1 vote, 2 answers, 205 views
.NET Runtime does not show up in LogNames
Does anyone have an idea why the '.NET Runtime' Event source does not behave like a normal event source?
var logCheckOne = EventLog.Exists(".NET Runtime");
var logCheckTwo = EventLogSession
...
0 votes, 1 answer, 594 views
How to get the log traces in Angular 2+?
Can anyone tell me whether there is any inbuilt module or way to fetch the event traces from Event Viewer in Angular 2+? Like how we use the system diagnostics Eventlogs extension to fetch traces in C#.
Thanks in ...
0 votes, 1 answer, 2k views
How to read events from an Application and Services Windows event source using C#?
I am trying to read Windows event logs for: "Microsoft-Windows-Sysmon/Operational"
I tried:
string eventLogName = "Microsoft-Windows-Sysmon/Operational";
EventLog eventLog = new ...
0 votes, 1 answer, 481 views
Simplest way to write a log message and display in PerfView
I need to write a log message and capture that in PerfView. I would like to avoid using EventLog or EventSource because they are quite invasive: they require registering a new source or ETW ...
0 votes, 1 answer, 432 views
Writing to the event log without admin
I am admin on my local machine. However the app I am creating (an outlook VSTO addin) will be deployed by a deployment admin to users who won't have admin.
The app installs correctly.
My issue is ...
0 votes, 1 answer, 149 views
C#_EventLog Exception [duplicate]
I’m trying to write a simple event log but I am confronted with “System.Security.SecurityException: The source was not found...”
and I searched a lot but couldn’t find an efficient solution, I really ...
0 votes, 1 answer, 3k views
C# Read Eventlog from evtx file with EventLog Class
I'm trying to read a stored .evtx with the EventLog class from System.Diagnostics, but it doesn't work.
Isn't it possible to read a stored evtx file with EventLog Class or where is the problem?
...
1 vote, 1 answer, 3k views
EventCreate.exe creates a "CustomSource" value, what does it mean?
The command-line EventCreate.exe tool registers a user-defined event source in the Registry for the Windows Event Log Viewer to use, like this:
eventcreate /t INFORMATION /ID 100 /L "Application" /SO ...
2 votes, 0 answers, 2k views
How to write events from multiple applications (sources) to the same event log?
I have created a custom event log and would like all my applications to write to the same event log. As you can see below in the image attached, DistributedCOM and Svc Ctrl Mgr are 2 sources writing ...
0 votes, 1 answer, 424 views
How to change the value of an attribute in an instrumentation manifest with msbuild?
The Microsoft EventRegister Tool creates an instrumentation manifest file along with a resource file during project compilation. I would like to move those files to another path after compilation and ...
0 votes, 1 answer, 2k views
How to get just description field from a wevtutil output
I can fetch latest 5 events generated by MsiInstaller from Event logs with -
wevtutil qe Application /rd:true /f:text /c:5 /q:"*[System[Provider[@Name='MsiInstaller']]]"
But the output is too ...
-2 votes, 1 answer, 44 views
Eventlog leakage issue (.NET profiler shows undisposed)
I am writing errors to the event log, but when I checked for leakage I got an event log leak in the .NET profiler. Do I need to dispose this object? Will it create any issue in multithreading?
public ...
1 vote, 1 answer, 978 views
Is it possible to specify an event category for Windows EventLogs in code?
I am looking for a way not to use Message Files, as I don't want the mess that comes with it.
I would like to be able to write events using a method similar to
public void WriteEvent(...
1 vote, 2 answers, 3k views
Custom Event Logging in a Windows Service
In the project installer I am creating a custom event log. But when my service starts, all my logs are going to the "Application" log instead of my custom log. Below is the code which I have added to ...
0 votes, 1 answer, 115 views
Custom Windows Eventlog, register one source in multiple eventlogs
Is it possible, for example, to have a source "MyApp" and register it to the Application eventlog and another custom eventlog?
0 votes, 1 answer, 925 views
Windows: unable to log events to security log and status codes is 0x0
I am a newbie to Windows administration.
Recently got an alert describing,
"unable to log events to security log and status codes is 0x0"
So far I identified that the exception could be due to the ...
1 vote, 1 answer, 636 views
Not EventLog dispose in Windows Service app using the Designer generated code is fine?
While creating a project using the Windows Service VS2013 project template I noticed that after adding an EventLog component from the toolbox the #region named "Component Designer generated code" is filled ...
0 votes, 0 answers, 53 views
HVUpdate Exception: Value cannot be null
I am getting a very strange exception and am having quite a bit of trouble tracking it down. I'm not sure how much good posting it here will do, but I figured it would be worth a shot.
On software ...
1 vote, 1 answer, 1k views
Event Log name is other than "Application" but logs are written in "Application" Log
In my VB.NET application, I created a new Event Log Name named "My_Log", and I have this application run for a number of different situations where each situation is named by a unique name, and on ...
1 vote, 2 answers, 3k views
XPath greater than operator?
I'm trying to select all event log entries beyond a certain date. So far I think I got equals, but I don't know how to change this to greater than the specified date... so close yet so far!
<...