Windows 10: problem filtering out login events in security log

Would like to see if there are any remote logins on my system. I brought up the security log but there are so many logins it is not possible to spot anything unusual. I assume the majority of login are something internal to windows and I would like to filter those out if possible.


I clicked on "filter" to see what options there are and the snap-in died as shown in the image below.


In looking through the security log, I see "logon:" followed by "special logon" There are too many of them to be a login from a 3rd party unless all of china is accessing my computer.


How can I filter out logon events that are windows internal to make it easier to see 3rd party login.


I do check "sessions" under shares for remote access periodically. The following error popped up when I clicked on "filter"



:)

 

Bug in Event Viewer - Filter Current Log by Event Source


I found a bug trying to view the Event Log on both my v 1803 PCs for the Option Filter Current Log by Event Source.

Nothing appears in the drop down list unless the screen scaling is set to 100%. This strange behaviour is experienced by many users based on a Google search. It seems Microsoft's infamous software QA strikes again. I guess we will have to wait for a fix.

Is there a better free Event Viewer to use than that provided in Windows?

See the error below - nothing appears in the drop down box unless you use 100% scaling:

 

Bug in Event Viewer - Filter Current Log by Event Source

FYI, this bug also exists in 1809.
It was in 1803 from the beginning, build 17134.1.
It isn't there in 1709, even in the latest build 16299.847 (Dec 2018).

(tested on my System Two below).

 

Custom filter for all event logs that apply for new logs as well

There are several workarounds that may help you

1. Create your default filter for one DEFAULT log file and then, when you need to check your new log file, just rename it to this DEFAULT file name.
   
2. If renaming not possible
   make a text document which lists your desired filters as an XPath queries. It will be your filter library.<br>
   E.g. *[System[Provider[@Name='Application Error' or @Name='Application Hang']]]<br>
   After log opening, go to Filter, then switch to XML, click Edit query manually and modify XML query - replace * with the XPath. <br>
   For complex filters, it should work faster than using UI
   
3. A better option - try Event Log Explorer (free for noncommercial use). It lets you set predefined filters for all online logs and log files at once.