Hi
I do many reports where i report on event logs. suck as logon fails, log clears etc etc. many of them return results for wrong time frame.
This example below produces a report containing events that occured some 5 days ago. but should just return last day.
Any pointers please?
Select Top 1000000 tblAssets.AssetName,
Count(tblNtlog.EventlogID) As NumberOfEvents,
tblNtlog.Eventcode,
tblNtlogSource.Sourcename,
tblNtlogMessage.Message,
tblNtlog.TimeGenerated,
tblAssets.Username
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Where (tblNtlogSource.Sourcename = 'Microsoft-Windows-Eventlog' And
tblNtlog.TimeGenerated > GetDate() - 1 And tblAssetCustom.State = 1) Or
(tblNtlogSource.Sourcename = 'Microsoft-Windows-Eventlog')
Group By tblAssets.AssetName,
tblNtlog.Eventcode,
tblNtlogSource.Sourcename,
tblNtlogMessage.Message,
tblNtlog.TimeGenerated,
tblAssets.Username
Having (tblNtlog.Eventcode = 1102) Or
(tblNtlog.Eventcode = 104)
