
Greetings!

 

I was exploring when I saw the URL below, which reads the event logs of a specific type (Application, Security, System, etc.).

So, I need to read a specific event ID instead of a type of event, i.e. I need to read event ID 1074, which lands under the Security type.

I would be grateful for any assistance.

 

Happy new year in advance!!


On 1/3/2023 at 6:16 PM, argumentum said:

...you'll have to read every event until you read the one you wanted to read, so discard those you don't care for.
You can also add to TaskScheduler an event ( in your case, 1074 ) and run something when triggered.

Cheers

I would be grateful for any other way...


You can use PowerShell to export event log entries, or this tool by NirSoft called FullEventLogView.

 

All the EVTX files are usually stored in the folder C:\Windows\System32\winevt\Logs (RunAsAdmin will be required).

 

WMI is another way to get hold of event log entries. My favorite would be using PowerShell (filtering at the beginning is easy), then processing the results with AutoIt.

Earth is flat, pigs can fly, and Nuclear Power is SAFE!
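The "filter at the beginning, then process the results" approach from the post above, as an added example that is not code from the thread: `Get-WinEvent -FilterHashtable` selects by event ID inside the event log service, and the result is written to a CSV file that an AutoIt script can read. The function name `Export-EventById`, its defaults and the output path are assumptions.

```powershell
# Added example, not from the thread. Export-EventById, its defaults and the
# output path are hypothetical names chosen for illustration.
function Export-EventById {
    param(
        [Parameter(Mandatory)] [int[]] $Id,
        # On a default Windows install, event 1074 (source User32) is written to
        # the System log. Pass -LogName Security from an elevated prompt for
        # events that are recorded there.
        [string[]] $LogName = 'System',
        [datetime] $After = (Get-Date).AddDays(-30),
        [string] $OutFile = (Join-Path $env:TEMP 'events.csv')
    )

    # The hashtable is turned into a query evaluated by the event log service,
    # so only matching records come back instead of the whole log.
    $filter = @{ LogName = $LogName; Id = $Id; StartTime = $After }

    # Get-WinEvent reports "no match" and "access denied" as non-terminating
    # errors; capture them so an empty result can be explained.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue -ErrorVariable queryError)

    if ($events.Count -eq 0) {
        $reason = ($queryError | ForEach-Object { $_.Exception.Message }) -join '; '
        Write-Warning "No events returned for Id $($Id -join ',') in $($LogName -join ','): $reason"
        return
    }

    # Flatten the multi-line message so every event is one CSV row.
    $events |
        Select-Object TimeCreated, Id, LogName, ProviderName, MachineName,
            @{ Name = 'Message'; Expression = { ($_.Message -replace '\r?\n', ' ').Trim() } } |
        Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

    Write-Output "$($events.Count) event(s) written to $OutFile"
}

# Export the last 30 days of event ID 1074 from the System log
Export-EventById -Id 1074
```

From AutoIt, the script can be started with `RunWait` and the resulting CSV read back line by line.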
