Skip to content

Instantly share code, notes, and snippets.

@macostag
Created April 30, 2018 04:35
Show Gist options
  • Select an option

  • Save macostag/08a6870c9682ee63dd6a4224410bc180 to your computer and use it in GitHub Desktop.

Select an option

Save macostag/08a6870c9682ee63dd6a4224410bc180 to your computer and use it in GitHub Desktop.
XML filtering in the Windows Event Viewer
<QueryList>
<Query Id="1">
<Select Path="Security">
*[EventData[Data[@Name='param1'] and (Data='mssecsvc')]]
</Select>
</Query>
</QueryList>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment