rd_kellerman
asked on
event filtering
Hello,
I am trying to filter some events from my event viewer log on a win2k server. When I filter an event it turns off all events in that log (ie system). Is this what it is supposed to do? I can't find anything by searching MS knowledge base or this forum.
Thanks,
Roger K
I am trying to filter some events from my event viewer log on a win2k server. When I filter an event it turns off all events in that log (ie system). Is this what it is supposed to do? I can't find anything by searching MS knowledge base or this forum.
Thanks,
Roger K
Hello Roger,
- Filtering events in Event viewer shgould not "turn off" anything. You should still be able to see them, if you took the filtering off and clicked on View -> All records. Filtering simply generates a view that you can see only specific events
- To filter log events, follow these steps:
1. Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
2. In the console tree, expand Event Viewer, and then click the log that contains the event that you want to view.
3. On the View menu, click Filter.
4. Click the Filter tab (if it is not already selected).
5. Specify the filter options that you want, and then click OK.
Only events that match your filter criteria are displayed in the details pane.
- To return the view to display all log entries, click Filter on the View menu, and then click Restore Defaults.
Now, are you asking if, you can "export" only certain logs or see "only" filtered events in the event manager, along side the "All" events ?
- Filtering events in Event viewer shgould not "turn off" anything. You should still be able to see them, if you took the filtering off and clicked on View -> All records. Filtering simply generates a view that you can see only specific events
- To filter log events, follow these steps:
1. Click Start, and then click Control Panel. Click Performance and Maintenance, then click Administrative Tools, and then double-click Computer Management. Or, open the MMC containing the Event Viewer snap-in.
2. In the console tree, expand Event Viewer, and then click the log that contains the event that you want to view.
3. On the View menu, click Filter.
4. Click the Filter tab (if it is not already selected).
5. Specify the filter options that you want, and then click OK.
Only events that match your filter criteria are displayed in the details pane.
- To return the view to display all log entries, click Filter on the View menu, and then click Restore Defaults.
Now, are you asking if, you can "export" only certain logs or see "only" filtered events in the event manager, along side the "All" events ?
ASKER
I just wanted to quit recording some events that are "unimportant". I take it you can't stop recording specific errors/events and leave others intact?? I got the idea that you could do that from a couple of other solutions that I have found. I guess not Huh?
Thanks,
Roger
Thanks,
Roger
Hi Roger,
I dont think you turn them off by "simply" filtering. You can turn them off by what they are trying to audit / record. Auditing events such as printing, file access, security, etc can be enabled or disabled by auditing. However certain, things by default that the event log records, I dont think can b disabled. It is intentional by behaviour to record them. What events do you think are not important, and where are do you want off, event, security or application ?
I dont think you turn them off by "simply" filtering. You can turn them off by what they are trying to audit / record. Auditing events such as printing, file access, security, etc can be enabled or disabled by auditing. However certain, things by default that the event log records, I dont think can b disabled. It is intentional by behaviour to record them. What events do you think are not important, and where are do you want off, event, security or application ?
No, you can't stop the events from being recorded in the log via filtering. Filtering just affects what events you see when viewing the log. It enables you to focus on events that you're interested in. I agree with KaliKoder, some events are logged based on what you choose to audit. Other events are logged based on program settings, for example you set various logging levels in Exchange. Some events can't be ignored, or at least that's my understanding. I would expect that most events appearing in the System log fall into the latter category.
ASKER
Hello all,
It looks that I need to find the causes for the errors and fix them. I have looked at places like the MS knowledge base for solutions, but that leaves a lot to be desired in my opinion. Does anybody have a recommended place to search for answers. I think that the problems started when I demoted the server from active directory to stand alone server on a small peer to peer network. Any advice on cleaning up the system would be appreciated.
Roger
It looks that I need to find the causes for the errors and fix them. I have looked at places like the MS knowledge base for solutions, but that leaves a lot to be desired in my opinion. Does anybody have a recommended place to search for answers. I think that the problems started when I demoted the server from active directory to stand alone server on a small peer to peer network. Any advice on cleaning up the system would be appreciated.
Roger
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
In this case filtering works in reverse to what you might think. Intead of excluding entries based on a condition it includes entries based on the condition given. For example, if I set the "Event ID" to 14 then I'll the log will filter out everything except those events with an ID of 14. If you set a filter and no records are shown, then there are no records in the log that meet the specified condition.