Search Windows security log

Asset 23

How to search the Windows Event Log for logins by username

Posted on 10 September 2012 by Beaming Support

In order to search the Windows Event Log for logins by username you will need to be using Windows Server 2008

The following steps will allow you to search the Windows Event log for logins by username.

  1. Open event viewer and select the Security Logs
  2. Select filter current log in the Actions pane.
  3. Select XML tab
  4. Select ‘Edit query manually’
  5. Replace the line <Select Path=”Security”>*</Select> with the highlighted line below and select okay.

<QueryList> <Query Id=”0″ Path=”Security”> <Select Path=”Security”>* [EventData[Data[@Name=’TargetUserName’]=’USERNAME’]]</Select> </Query> </QueryList>

6. Change the USERNAME field to the appropriate username configured in active directory for the user you are searching security events for.

7. The results now show your custom security log XML search.

8. Do not forget to revert the change after running your searches

 

 

 

Asset 6

Fibre leased lines

The most reliable internet connectivity, with ultra high speeds and no need to share.

Discover leased line technology

Avoid internet downtime

Subscribe and we’ll send a monthly email update with guidance to keep your business productive and secure online.

  • This field is for validation purposes and should be left unchanged.

Related content

Servers & applications
Asset 22

Changing a login name in Office 365 when using On-Premises Active Directory

21/11/16 Support team
Read more

Latest tech support posts – shared monthly!

Get all the latest tech support answers drop straight in your inbox. Sign up to our email round up. Add your email address below

  • This field is for validation purposes and should be left unchanged.