66 questions
0 votes, 0 answers, 53 views
Long XPath / structured XML filter has a huge performance hit
I have been trying to minimize the logs sent to SIEM by filtering them at the source.
You can find the filter I used below. It is long. Instead of using a long <Select> statement with inverted ...
0 votes, 0 answers, 57 views
What field in an event log manifest becomes a "Source" in the Event Logging window?
I wrote an event log manifest file with a provider and channel. Now I have to split it into different event sources, and I am a little bit confused about how to do this. What part of the manifest becomes a source ...
0 votes, 3 answers, 758 views
PowerShell: filtering out events from a certain process
I have a task that is quite usual for every sysadmin: to audit access to certain folders on a fileserver during the last, e.g., 1 day. But in addition I need to rule out access attempts from certain processes.
What ...
1 vote, 1 answer, 3k views
How to capture events from ETW provider "Microsoft-Windows-Security-Auditing" in a real-time session?
I've recently been using ETW to collect events from built-in providers. I use logman to consume events and save them to a .etl file, like this:
logman create trace evt -p Microsoft-Windows-RPC -ets
...After ...
0 votes, 1 answer, 1k views
Get EventData from Get-WinEvent from File - How to group by EventData.Data?
An EventLog was exported from a server to a file named Exported_ErrorLog.evtx.
I would like to
filter all entries created in 2023
group by the text of <EventData><Data> (see XML below)
and count
...
0 votes, 1 answer, 154 views
WiX toolset - EventSource sets wrong path to EventMessageFile (prepends "#%")
I have a WiX 4.0 project. I'm using Util to create a Windows EventLog event source. The problem is, the Registry entry for the EventMessageFile gets the path prepended with "#%". Therefore, the ...
-2 votes, 1 answer, 1k views
Error with Event ID 1108 due to Event ID 4688
The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
None of my process creation events are being logged. All these logs ...
0 votes, 0 answers, 70 views
What makes it possible to print a WriteEntry on an IDictionary<string, object> System.Collections.Generic.Dictionary`2[System.String,System.Object]
I have two properties of type IDictionary<string, Object>:
ConfigProperties and CustomProperties
Both have the same values set to them.
But one is set through a constructor and the other is ...
0 votes, 0 answers, 433 views
How to read Event Viewer logs of a remote machine using C++?
It is about collecting Event Viewer logs from a remote machine. I have tried the Event Logging API so far. Though it works well for reading logs from the localhost, it failed to read from remote ...
1 vote, 1 answer, 482 views
SignalR Logging
After enabling logging of the SignalR component by adding a <system.diagnostic> section to the web.config of my app, I've experienced the following problems:
if logging is configured to log ...
1 vote, 2 answers, 204 views
.NET Runtime does not show up in LogNames
Does anyone have an idea why the '.NET Runtime' event source does not behave like a normal event source?
var logCheckOne = EventLog.Exists(".NET Runtime");
var logCheckTwo = EventLogSession
...
2 votes, 0 answers, 237 views
Reading an exported evtx event log file in an Azure Function
I am trying to read an exported evtx event log file in an Azure Function.
I receive the file content as a byte array and then write it to a temporary file.
I then try to create an instance of ...
0 votes, 1 answer, 588 views
How to get the log traces in Angular 2+?
Can anyone tell me whether there is any inbuilt module or way to fetch the event traces from Event Viewer in Angular 2+? Like how we use the System.Diagnostics EventLog extension to fetch traces in C#.
Thanks in ...
1 vote, 1 answer, 1k views
BAT file will NOT run in Windows 10 Task Scheduler but WILL run as Admin or in an elevated command prompt
My BAT file (below) runs perfectly when I run it from an elevated command prompt or Right-Click -> Run as Administrator. However, when I put it in my Windows 10 Task Scheduler, it will not run.
What ...
0 votes, 1 answer, 2k views
How to read events from an Application and Services Windows event source using C#?
I am trying to read Windows event logs for: "Microsoft-Windows-Sysmon/Operational"
I tried:
string eventLogName = "Microsoft-Windows-Sysmon/Operational";
EventLog eventLog = new ...