EDN Admin
Well-known member
I have built an Xpath query for the security event logs. It looks at event ID 4624, it also filters users and suppresses logon types. I would like to add another part that looks at the system time and brings back all events that happened between the
hours of 2-6AM everyday. Is this possible? Below is what I have so far;
<span style="font-size:xx-small <QueryList>
<Query Id="0" Path="Security
<Select Path="Security *[System[(EventID="4624")]] and *[EventData[Data and (Data="administrator")]]</Select>
<Suppress Path="Security *[EventData[Data[@Name="LogonType"] = "7" ]]</Suppress>
<Suppress Path="Security *[EventData[Data[@Name="LogonType"] = "3" ]]</Suppress>
</Query>
</QueryList>
View the full article
hours of 2-6AM everyday. Is this possible? Below is what I have so far;
<span style="font-size:xx-small <QueryList>
<Query Id="0" Path="Security
<Select Path="Security *[System[(EventID="4624")]] and *[EventData[Data and (Data="administrator")]]</Select>
<Suppress Path="Security *[EventData[Data[@Name="LogonType"] = "7" ]]</Suppress>
<Suppress Path="Security *[EventData[Data[@Name="LogonType"] = "3" ]]</Suppress>
</Query>
</QueryList>
View the full article