
Properly filtering Windows logs

Hi,

Sorry if this is a common question... I'm both totally new to LEM and centralised logging in general and was wondering if there is an easy way to filter just the critical and error logs from all Windows PCs on a network? I tried it with severity levels, but they seem to be inconsistent, so filtering by them doesn't really stand a chance.

Thanks

  • Yeah, severity levels can be unreliable in some cases. What is the most critical activity that happens on the network for your company? Are you getting any firewall events logged? Is it just the Windows-generated events? I think looking at the rules that come with the LEM and having your own priorities will help with looking at the events they are supposed to alert you about and setting up filters accordingly. There are filters for account lockouts, changes to the accounts, servers being offline and many others.