Solved

event filtering

Posted on 2004-10-19
7
296 Views
Last Modified: 2011-09-20
Hello,
I am trying to filter some events from my event viewer log on a win2k server.  When I filter an event it turns off all events in that log (ie system). Is this what it is supposed to do? I can't find anything by searching MS knowledge base or this forum.

Thanks,
Roger K

0
Comment
Question by:rd_kellerman
  • 3
  • 2
  • 2
7 Comments
 
LVL 76

Expert Comment

by:David Lee
ID: 12353541
Hi, Roger.

In this case filtering works in reverse to what you might think.  Intead of excluding entries based on a condition it includes entries based on the condition given.  For example, if I set the "Event ID" to 14 then I'll the log will filter out everything except those events with an ID of 14.  If you set a filter and no records are shown, then there are no records in the log that meet the specified condition.
0
 
LVL 11

Expert Comment

by:KaliKoder
ID: 12353766
Hello Roger,

- Filtering events in Event viewer shgould not "turn off" anything. You should still be able to see them, if you took the filtering off and clicked on View -> All records. Filtering simply generates a view that you can see only specific events

- To filter log events, follow these steps:
1. Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
2. In the console tree, expand Event Viewer, and then click the log that contains the event that you want to view.
3. On the View menu, click Filter.  
4. Click the Filter tab (if it is not already selected).
5. Specify the filter options that you want, and then click OK.
Only events that match your filter criteria are displayed in the details pane.

- To return the view to display all log entries, click Filter on the View menu, and then click Restore Defaults.

Now, are you asking if, you can "export" only certain logs or see "only" filtered events in the event manager, along side the "All" events ?





0
 

Author Comment

by:rd_kellerman
ID: 12354216
I just wanted to quit recording some events that are "unimportant". I take it you can't stop recording specific errors/events and leave others intact?? I got the idea that you could do that from a couple of other solutions that I have found. I guess not Huh?

Thanks,
Roger
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 11

Expert Comment

by:KaliKoder
ID: 12354373
Hi Roger,

I dont think you turn them off by "simply" filtering. You can turn them off by what they are trying to audit / record. Auditing events such as printing, file access, security, etc can be enabled or disabled by auditing. However certain, things by default that the event log records, I dont think can b disabled. It is intentional by behaviour to record them. What events do you think are not important, and where are do you want off, event, security or application ?

0
 
LVL 76

Expert Comment

by:David Lee
ID: 12354545
No, you can't stop the events from being recorded in the log via filtering.  Filtering just affects what events you see when viewing the log.  It enables you to focus on events that you're interested in.  I agree with KaliKoder, some events are logged based on what you choose to audit.  Other events are logged based on program settings, for example you set various logging levels in Exchange.  Some events can't be ignored, or at least that's my understanding.  I would expect that most events appearing in the System log fall into the latter category.
0
 

Author Comment

by:rd_kellerman
ID: 12405030
Hello all,

It looks that I need to find the causes for the errors and fix them.  I have looked at places like the MS knowledge base for solutions, but that leaves a lot to be desired in my opinion.  Does anybody have a recommended place to search for answers. I think that the problems started when I demoted the server from active directory to stand alone server on a small peer to peer network. Any advice on cleaning up the system would be appreciated.  

Roger
0
 
LVL 76

Accepted Solution

by:
David Lee earned 250 total points
ID: 12405310
Roger,

I don't think there is any one place that's best to search for answers.  There are various sites that specialize in a particular MS product, for example Slipstick.com (http://www.slipstick.com/) for Outlook and Exchange issues, but I don't know of any one all encompassing site that does it any better the the MS Knowledgebase.  When I run into messages in the event logs that I'm unfamiliar with, I usually search MSKB first, then EventID.net (http://www.eventid.net/), and finally I just google the message and/or event ID and see what I find.  I'm oftimes surprised at the obscure sites that have the answer I need.  It's also refreshing to find that I'm not the only one experiencing some of the issues I've run into.  

-- BDF
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question