Using the Windows interface
1. Open Event Viewer.
2. In the console tree, select the log you want to filter.
3. On the View menu, click Filter.
4. On the Filter tab, specify the characteristics you want.
Note
• To open Event Viewer, click Start, click Control Panel, click Performance and Maintenance, click Administrative Tools, and then double-click Event Viewer.
• To return to the default criteria, click Restore Defaults.
• To turn off event filtering, on the View menu, click All Records.
Using a command line
1. Open Command Prompt.
2. Type: eventquery[.vbs] [-?] [-s Computer [-u Domain\User [-p Password]]] [-fi FilterName] [-fo {TABLE|LIST|CSV}] [-r EventRange] [-nh] [-v] [-l {APPLICATION|SYSTEM|SECURITY|"DNS Server"|LOG|DirectoryLogName|*}]
| Value | Description |
| -? | Displays Help on Eventquery.vbs. |
| -s Computer | Specifies the name of one or more remote computers. The default is the local computer. |
| -u Domain\User | This is used when a password is required. |
| -p Password | This is used when required by network security policy. |
| -fi FilterName | Specifies the types of events to include in or exclude from the query. |
| -fo {TABLE|LIST|CSV} | The format to use for the output. |
| -r EventRange | The range of events to list. |
| -nh | Suppresses column headers in the output of table and .csv formats. |
| -v | Specifies that verbose task information be displayed in the output. |
| -l {APPLICATION|SYSTEM|SECURITY|"DNS Server"|LOG|DirectoryLogName|*} | Specifies the logs to monitor. |
Note
• To open Command Prompt, click Start, point to All Programs, point to Accessories, and then click Command Prompt.
• To view the complete syntax for this command, at a command prompt, type: eventquery.vbs -?
• The following are valid for use with the -fi FilterName value: