Windows 10: problem filtering out login events in security log

Discus and support problem filtering out login events in security log in AntiVirus, Firewalls and System Security to solve the problem; Would like to see if there are any remote logins on my system. I brought up the security log but there are so many logins it is not possible to spot... Discussion in 'AntiVirus, Firewalls and System Security' started by BeemerBiker, Jun 20, 2019.

  1. BEEMERBIKER
    BeemerBiker Win User

    problem filtering out login events in security log


    Would like to see if there are any remote logins on my system. I brought up the security log but there are so many logins it is not possible to spot anything unusual. I assume the majority of login are something internal to windows and I would like to filter those out if possible.


    I clicked on "filter" to see what options there are and the snap-in died as shown in the image below.


    In looking through the security log, I see "logon:" followed by "special logon" There are too many of them to be a login from a 3rd party unless all of china is accessing my computer.


    How can I filter out logon events that are windows internal to make it easier to see 3rd party login.


    I do check "sessions" under shares for remote access periodically. The following error popped up when I clicked on "filter"

    problem filtering out login events in security log b72ec741-1547-4be1-9b15-47e817894d5c?upload=true.png

    :)
     
    BeemerBiker, Jun 20, 2019
    #1
  2. STEVE C
    Steve C Win User

    Bug in Event Viewer - Filter Current Log by Event Source


    I found a bug trying to view the Event Log on both my v 1803 PCs for the Option Filter Current Log by Event Source.

    Nothing appears in the drop down list unless the screen scaling is set to 100%. This strange behaviour is experienced by many users based on a Google search. It seems Microsoft's infamous software QA strikes again. I guess we will have to wait for a fix.

    Is there a better free Event Viewer to use than that provided in Windows?

    See the error below - nothing appears in the drop down box unless you use 100% scaling:

    problem filtering out login events in security log [​IMG]
     
    Steve C, Jun 20, 2019
    #2
  3. BREE
    Bree Win User
    Bug in Event Viewer - Filter Current Log by Event Source


    FYI, this bug also exists in 1809.
    It was in 1803 from the beginning, build 17134.1.
    It isn't there in 1709, even in the latest build 16299.847 (Dec 2018).

    (tested on my System Two below).
     
    Bree, Jun 20, 2019
    #3
  4. MICHAEL KARSYAN
    Michael Karsyan Win User

    problem filtering out login events in security log

    Custom filter for all event logs that apply for new logs as well

    There are several workarounds that may help you

    1. Create your default filter for one DEFAULT log file and then, when you need to check your new log file, just rename it to this DEFAULT file name.
    2. If renaming not possible
      make a text document which lists your desired filters as an XPath queries. It will be your filter library.<br>
      E.g. *[System[Provider[@Name='Application Error' or @Name='Application Hang']]]<br>
      After log opening, go to Filter, then switch to XML, click Edit query manually and modify XML query - replace * with the XPath. <br>
      For complex filters, it should work faster than using UI
    3. A better option - try Event Log Explorer (free for noncommercial use). It lets you set predefined filters for all online logs and log files at once.
     
    Michael Karsyan, Jun 20, 2019
    #4
Thema:

problem filtering out login events in security log

Loading...

  1. problem filtering out login events in security log - Similar Threads - problem filtering login

  2. Windows 11 Event log security full daily - cannot login

    in Windows 10 Gaming
    Windows 11 Event log security full daily - cannot login: We have two new Windows 11 PCs on our domain that Event log Security is full daily - cannot login - configure to overwrite - issur returns in 24 hours - full log - no logon. Configured as Admin - issue repeats in 24 hours...

  3. Windows 11 Event log security full daily - cannot login

    in Windows 10 Software and Apps
    Windows 11 Event log security full daily - cannot login: We have two new Windows 11 PCs on our domain that Event log Security is full daily - cannot login - configure to overwrite - issur returns in 24 hours - full log - no logon. Configured as Admin - issue repeats in 24 hours...

  4. WinRM Security - Event Logs

    in Windows 10 Gaming
    WinRM Security - Event Logs: Hi, could someone please take a look at the logs attached and tell me if it's possible to tell by the logs if anyone might have used WinRM on my machine to gain unauthorized access? I use Windows 11 and I never set up WinRM to begin with. Thank you so much in advance....

  5. WinRM Security - Event Logs

    in Windows 10 Software and Apps
    WinRM Security - Event Logs: Hi, could someone please take a look at the logs attached and tell me if it's possible to tell by the logs if anyone might have used WinRM on my machine to gain unauthorized access? I use Windows 11 and I never set up WinRM to begin with. Thank you so much in advance....

  6. Event Viewer: Filter Administrative Events?

    in Windows 10 Support
    Event Viewer: Filter Administrative Events?: The Administrative Events window quickly fills up with DistributedCOM warnings and errors. I tried to fix this, but in the end, couldn't get past the final step: Fixing DistributedCOM error 10016 Failing that (any other ideas folks on how to fix rather than hide the...

  7. Filter in the event viewer.

    in Windows 10 Support
    Filter in the event viewer.: Hi, is it possible to create a filter by manually editing the XML query in the event viewer and have the entered query remain stored in the log even if I close the event viewer? Thanks 170228

  8. Event Viewer - Security: "Special Login?"

    in User Accounts and Family Safety
    Event Viewer - Security: "Special Login?": Hi Guys, I'm a newbie at posting so please be gentle *Smile What's the deal with these "special logins" in the Security Report within Win10 Event Viewer? Here's a screenshot.: [img] The entries are frequent and every minute or so. What's going on? THank you in advance....

  9. Security Event Log flooded with 4656 Events

    in AntiVirus, Firewalls and System Security
    Security Event Log flooded with 4656 Events: We are having issues with our Security event log within Event Viewer. It is my understanding when you perform Object Access auditing and enable it within Group Policy, you still need to enable auditing on the Objects (to be audited) themselves. We just enabled Object Access...

  10. Bug in Event Viewer - Filter Current Log by Event Source

    in Windows 10 Support
    Bug in Event Viewer - Filter Current Log by Event Source: I found a bug trying to view the Event Log on both my v 1803 PCs for the Option Filter Current Log by Event Source. Nothing appears in the drop down list unless the screen scaling is set to 100%. This strange behaviour is supported by many users based on a Google search. It...