Search Windows security log

Asset 23

How to search the Windows Event Log for logins by username

Posted on 10 September 2012 by Beaming Support

In order to search the Windows Event Log for logins by username you will need to be using Windows Server 2008

The following steps will allow you to search the Windows Event log for logins by username.

  1. Open event viewer and select the Security Logs
  2. Select filter current log in the Actions pane.
  3. Select XML tab
  4. Select ‘Edit query manually’
  5. Replace the line <Select Path=”Security”>*</Select> with the highlighted line below and select okay.
  6. The results now show your custom security log XML search
  7. Do not forget to revert the change after running your searches
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">* [EventData[Data[@Name='TargetUserName']='USERNAME']]</Select>
</Query>
</QueryList>

Change the USERNAME field to the appropriate username configured in active directory for the user you are searching security events for.

 

Asset 44

Managed services

Beaming is an independent Internet Service Provider bringing connectivity joy to businesses across the UK.

To complement our connectivity, we offer a range of services designed to support your business.

Avoid internet downtime

IT professionals in UK businesses dealt with 82M hours of internet outages last year.

Sign up for Beaming's monthly email updates & receive news on the latest tech to keep you online, simple shareable advice to help colleagues avoid cyber threats & how-to guides from our experienced tech team.
  • This field is for validation purposes and should be left unchanged.

Get the best of Beaming straight to your inbox

Sign up for easy cyber security advice anyone can follow, research into what businesses are doing with their tech and how-to guides to boost productivity and efficiency.

  • This field is for validation purposes and should be left unchanged.