Create custom xml filter for Event viewer

EDN Admin

EDN Admin

Well-known member
Joined
Aug 7, 2010
Messages
12,794
Location
In the Machine
I am trying to create several filters for forward events in Event Viewer. I have a great idea how to do it, but when I try it..... nothing comes out in output. Here is the XML for a event:

<div style="color:Black;background-color:White; <pre>
<span style="color:Blue; <<span style="color:#A31515; UserData<span style="color:Blue; >
<span style="color:Blue; <<span style="color:#A31515; DocumentResumed <span style="color:Red; xmlns<span style="color:Blue; =<span style="color:Black; "<span style="color:Blue; http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events<span style="color:Black; " <span style="color:Red; xmlns:auto-ns3<span style="color:Blue; =<span style="color:Black; "<span style="color:Blue; http://schemas.microsoft.com/win/2004/08/events<span style="color:Black; "<span style="color:Blue; >
<span style="color:Blue; <<span style="color:#A31515; Param1<span style="color:Blue; >1594<span style="color:Blue; </<span style="color:#A31515; Param1<span style="color:Blue; >
<span style="color:Blue; <<span style="color:#A31515; Param2<span style="color:Blue; >inspiration2.psd<span style="color:Blue; </<span style="color:#A31515; Param2<span style="color:Blue; >
<span style="color:Blue; <<span style="color:#A31515; Param3<span style="color:Blue; >natysilva<span style="color:Blue; </<span style="color:#A31515; Param3<span style="color:Blue; >
<span style="color:Blue; <<span style="color:#A31515; Param4<span style="color:Blue; >ARC-118-CL1<span style="color:Blue; </<span style="color:#A31515; Param4<span style="color:Blue; >
<span style="color:Blue; </<span style="color:#A31515; DocumentResumed<span style="color:Blue; >
<span style="color:Blue; </<span style="color:#A31515; UserData<span style="color:Blue; >
[/code]
<br/>
<br/>
<br/>

<br/>
I am trying:

<div style="color:black; background-color:white
<pre><span style="color:blue <<span style="color:#a31515 QueryList<span style="color:blue >
<span style="color:blue <<span style="color:#a31515 Query <span style="color:red Id<span style="color:blue =<span style="color:black "<span style="color:blue 0<span style="color:black " <span style="color:red Path<span style="color:blue =<span style="color:black "<span style="color:blue ForwardedEvents<span style="color:black "<span style="color:blue >
<span style="color:blue <<span style="color:#a31515 Select <span style="color:red Path<span style="color:blue =<span style="color:black "<span style="color:blue ForwardedEvents<span style="color:black "<span style="color:blue >*[UserData[DocumentResumed[(Param4=AT-LAB-BWQ)]]]<span style="color:blue </<span style="color:#a31515 Select<span style="color:blue >
<span style="color:blue </<span style="color:#a31515 Query<span style="color:blue >
<span style="color:blue </<span style="color:#a31515 QueryList<span style="color:blue >
[/code]

<br/>
When I change it to

<div style="color:black; background-color:white
<pre><span style="color:blue <<span style="color:#a31515 Select <span style="color:red Path<span style="color:blue =<span style="color:black "<span style="color:blue ForwardedEvents<span style="color:black "<span style="color:blue >*<span style="color:blue </<span style="color:#a31515 Select<span style="color:blue >
[/code]

I get all the events.

What am I doing wrong?


View the full article
 

Similar threads

D
Display Issue
Replies
0
Views
104
Donald Uko
D
M
Error downloading metadata from the address when adding web service reference
Replies
0
Views
1,190
Mike Lusicic
M
M
Windows 10 Windows Hello For Business Hybrid Key Trust Deployment Issue
Replies
0
Views
277
Mattias.N
M
N
Javascript error for CDHTML dialog
Replies
0
Views
81
NewBieDev2012
N
EDN Admin
how to send node-set to c# code file
Replies
0
Views
317
EDN Admin
EDN Admin
Back
Top