Filter security event logs to exclude event log description
Posted on 2013-10-30
I am using Windows Server 2008 R2 and setup auditing to generate event log when a file gets deleted.
For this I have setup a custom filter with name 'File Auditing', the problem is event log is capturing event wherein a deleting is generated when a user save a close word\excel file, this event log contain file name extension as temp file.
How to exclude event log which have the word 'temp' in event description.
I think we can achieve this by editing XML property of event log filtering.