Windows Event Viewer Filter

DustinB3403

@momurda said in Windows Event Viewer Filter:

@tim_g @dbeato @DustinB3403
Perhaps i could point these at graylog and be able to actually do something with the information.

Possible, would be interesting to see what you do with them. I really only use windows event logs to find BSOD issues.

User issues I correct with a bat. . .

momurda

@dustinb3403 I only want to find out who is accidentally deleting invoices.

DustinB3403

@momurda said in Windows Event Viewer Filter:

@dustinb3403 I only want to find out who is "accidentally" deleting invoices.

I've ftfy.

Obsolesce

@momurda said in Windows Event Viewer Filter:

@dustinb3403 I only want to find out who is accidentally deleting invoices.

If you have the file name, you can opne the event log and "Find" that file.

You can filter just for deletion events, and use find to find the file or user.

dbeato

@momurda said in Windows Event Viewer Filter:

@tim_g @dbeato @DustinB3403
Perhaps i could point these at graylog and be able to actually do something with the information.

Yes, you could. https://marketplace.graylog.org/addons/750b88ea-67f7-47b1-9a6c-cbbc828d9e25

DustinB3403

Are these PDF copies of your invoices? Why isn't your invoicing system keeping record of these?

DustinB3403

@dbeato said in Windows Event Viewer Filter:

@momurda said in Windows Event Viewer Filter:

@tim_g @dbeato @DustinB3403
Perhaps i could point these at graylog and be able to actually do something with the information.

Yes, you could. https://marketplace.graylog.org/addons/750b88ea-67f7-47b1-9a6c-cbbc828d9e25

This doesn't appear to be for File events, more AD events on the user and group side of things rather than the share side of things.

DustinB3403

@tim_g said in Windows Event Viewer Filter:

@momurda said in Windows Event Viewer Filter:

@dustinb3403 I only want to find out who is accidentally deleting invoices.

If you have the file name, you can opne the event log and "Find" that file.

You can filter just for deletion events, and use find to find the file or user.

Honestly you should be able to "find" events by the user who they are generated about.

dbeato

@dustinb3403 said in Windows Event Viewer Filter:

@dbeato said in Windows Event Viewer Filter:

@momurda said in Windows Event Viewer Filter:

@tim_g @dbeato @DustinB3403
Perhaps i could point these at graylog and be able to actually do something with the information.

Yes, you could. https://marketplace.graylog.org/addons/750b88ea-67f7-47b1-9a6c-cbbc828d9e25

This doesn't appear to be for File events, more AD events on the user and group side of things rather than the share side of things.

You are right, let's see this one then
https://marketplace.graylog.org/addons/f42b42f3-c269-45e3-8fc8-923f2194001b
he can check all of them here
https://marketplace.graylog.org/addons?tag=Windows

momurda

@dustinb3403 said in Windows Event Viewer Filter:

Are these PDF copies of your invoices? Why isn't your invoicing system keeping record of these?

Invoicing system, what is that?
These pdfs are generated sales orders in CRM that the finance people turn into invoices to send out to customers. They use QB to do that currently, but we are implementing an ERP which hopefully will automate this 1960s workflow.

momurda

@dustinb3403 said in Windows Event Viewer Filter:

@tim_g said in Windows Event Viewer Filter:

@momurda said in Windows Event Viewer Filter:

@dustinb3403 I only want to find out who is accidentally deleting invoices.

If you have the file name, you can opne the event log and "Find" that file.

You can filter just for deletion events, and use find to find the file or user.

Honestly you should be able to "find" events by the user who they are generated about.

Interesting the Find button in Action pane does work for username.

DustinB3403

@momurda guess I touched a nerve lol. . .

dbeato

@momurda said in Windows Event Viewer Filter:

@dustinb3403 said in Windows Event Viewer Filter:

Are these PDF copies of your invoices? Why isn't your invoicing system keeping record of these?

Invoicing system, what is that?
These pdfs are generated sales orders in CRM that the finance people turn into invoices to send out to customers. They use QB to do that currently, but we are implementing an ERP which hopefully will automate this 1960s workflow.

QB has the invoice then and the CRM can make the order again

DustinB3403

@momurda said in Windows Event Viewer Filter:

@dustinb3403 said in Windows Event Viewer Filter:

@tim_g said in Windows Event Viewer Filter:

@momurda said in Windows Event Viewer Filter:

@dustinb3403 I only want to find out who is accidentally deleting invoices.

If you have the file name, you can opne the event log and "Find" that file.

You can filter just for deletion events, and use find to find the file or user.

Honestly you should be able to "find" events by the user who they are generated about.

Interesting the Find button in Action pane does work for username.

The rub is you have to guess at what user did what change. . . as the logs could go back months or longer.

DustinB3403

@dbeato said in Windows Event Viewer Filter:

@momurda said in Windows Event Viewer Filter:

@dustinb3403 said in Windows Event Viewer Filter:

Are these PDF copies of your invoices? Why isn't your invoicing system keeping record of these?

Invoicing system, what is that?
These pdfs are generated sales orders in CRM that the finance people turn into invoices to send out to customers. They use QB to do that currently, but we are implementing an ERP which hopefully will automate this 1960s workflow.

QB has the invoice then and the CRM can make the order again

But QB. . . gah