Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-09-2016 03:46 PM
I am trying to run a report to gather the name of devices, the last user logged on and then have had a specific event code happen then to filter the results by the most recent date of appearance of that error code.
This is what I'm trying now:
Select Top 1000000 tblAssets.AssetID As ID,
tblAssets.AssetName,
tblAssets.Username,
tblNtlog.Eventcode
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tblNtlogUser On tblNtlogUser.LoguserID = tblNtlog.LoguserID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join tsysIPLocations On tsysIPLocations.StartIP <= tblAssets.IPNumeric
And tsysIPLocations.EndIP >= tblAssets.IPNumeric
Where tblNtlog.Eventcode = 7036
7036 is the code I am after, this (on the system I am using) is directly related to Anti Virus being stopped by an admin. The above code isn't working, I keep receiving no results however I can see on my PC that the code appears.
This is what I'm trying now:
Select Top 1000000 tblAssets.AssetID As ID,
tblAssets.AssetName,
tblAssets.Username,
tblNtlog.Eventcode
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tblNtlogUser On tblNtlogUser.LoguserID = tblNtlog.LoguserID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join tsysIPLocations On tsysIPLocations.StartIP <= tblAssets.IPNumeric
And tsysIPLocations.EndIP >= tblAssets.IPNumeric
Where tblNtlog.Eventcode = 7036
7036 is the code I am after, this (on the system I am using) is directly related to Anti Virus being stopped by an admin. The above code isn't working, I keep receiving no results however I can see on my PC that the code appears.
Solved! Go to Solution.
Labels:
- Labels:
-
General Discussion
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-16-2016 12:23 AM
There's nothing syntactically wrong with the report. The specified event most likely hasn't been scanned yet. Keep in mind that only error events are scanned by default. You can enable additional event types for scanning by following these instructions.
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-16-2016 12:23 AM
There's nothing syntactically wrong with the report. The specified event most likely hasn't been scanned yet. Keep in mind that only error events are scanned by default. You can enable additional event types for scanning by following these instructions.
