git Service of IN-Ulm e.V. Explore Help
Sign In
ulpeters
/
snippets
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

inital

Toastie 5 years ago
parent
7ecabdfb80
commit
09a1c81980
1 changed files with 12 additions and 0 deletions
Split View Show Diff Stats
  1. 12 0
      log-analysis/win-event-log/logon-logoff.md

+ 12 - 0
log-analysis/win-event-log/logon-logoff.md
View File 

@@ -0,0 +1,12 @@
 
+Windows Event Log Filter
 
+
 
+```
 
+<QueryList>
 
+  <Query Id="0" Path="Security">
 
+    <Select Path="Security">*[System[EventID=4624] and EventData[Data [@Name='TargetUserName'] = 'YourUserName']]</Select>
 
+  </Query>
 
+  <Query Id="0" Path="Security">
 
+    <Select Path="Security">*[System[EventID=4634] and EventData[Data [@Name='TargetUserName'] = 'YourUserName']]</Select>
 
+  </Query>
 
+</QueryList>
 
+```