Audit Log Filter (Service)


 

You can filter data in Audit Log Viewer (Service) so only records that meet specific conditions are displayed in the list.

 

There are two types of filters:

 

 

 

To use a filter, you must activate it first. Check the Enable filter flag to make the filter active. To temporarily deactivate the filter, uncheck the Enable filter flag.

 

To save the filter's settings from the current tab (Include or Exclude) to an external file, press the Save button.

 

To load previously saved filter settings into the current tab, press the Load button and select a file.

 

When the filter is active, you can define its condition by entering values into the following fields:

 

- Success audit - specifies whether to filter device access attempts that were successful.

 

- Failure audit - specifies whether to filter device access attempts that failed.

 

- Name - the text that matches a value in the Audit Log Viewer's Name column. This field is not case-sensitive and you may use wildcards. You can enter multiple values separated by a semicolon (;).

 

- Source - the text that matches a value in the Audit Log Viewer's Source column. This field is not case-sensitive and you may use wildcards. You can enter multiple values separated by a semicolon (;).

 

- Action - the text that matches a value in the Audit Log Viewer's Action column. This field is not case-sensitive and you may use wildcards. You can enter multiple values separated by a semicolon (;).

 

- Information - the text that matches a value in the Audit Log Viewer's Information column. This field is not case-sensitive and you may use wildcards. You can enter multiple values separated by a semicolon (;).

 

- Reason - the text that matches a value in the Audit Log Viewer's Reason column. This field is not case-sensitive and you may use wildcards. You can enter multiple values separated by a semicolon (;).

 

- User - the text that matches a value in the Audit Log Viewer's User column. This field is not case-sensitive and you may use wildcards. You can enter multiple values separated by a semicolon (;).

 

- Process - the text that matches a value in the Audit Log Viewer's Process column. This field is not case-sensitive and you may use wildcards. You can enter multiple values separated by a semicolon (;).

 

- PID - the number that matches a value in the Audit Log Viewer's PID column. You can enter multiple values separated by a semicolon (;).

 

- From - specifies the beginning of the interval of events that you want to filter. Select First Event to see events starting with the first event recorded in the log. Select Events On to see events that occurred starting with a specific time and date.

 

- To - specifies the end of the range of events that you want to filter. Select Last Event to see events ending with the last event recorded in the log. Select Events On to see events that occurred ending with a specific time and date.

 

The AND logic is applied to all specified fields and between active filters (Include/Exclude). It means that the filter's result includes only those records that comply with all defined conditions.

 

If you don't want to include a field in the filter's condition, just leave this field empty.
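
The matching rules described above (case-insensitive wildcards, semicolon-separated values, AND across fields and between the Include and Exclude tabs, empty fields ignored) can be modelled as follows. This is an added example, not the product's own code. It assumes `*` and `?` as the wildcard characters, that any one of the semicolon-separated values may match, that a pattern must match the whole column value, and that the Exclude tab removes records that match it; all function names and sample records are constructed for illustration.

```python
from fnmatch import fnmatchcase

TEXT_FIELDS = ("Name", "Source", "Action", "Information", "Reason", "User", "Process")

def field_matches(patterns, value):
    # Any ';'-separated pattern may match (assumed OR inside one field), ignoring case.
    pats = [p.strip().lower() for p in patterns.split(";") if p.strip()]
    return any(fnmatchcase(str(value).lower(), p) for p in pats)

def record_matches(flt, rec):
    # AND across every non-empty field of one tab; empty fields are skipped.
    types = {t for t in ("Success", "Failure") if flt.get(t + " audit")}
    if types and rec.get("Type") not in types:
        return False
    for name in TEXT_FIELDS:
        if flt.get(name) and not field_matches(flt[name], rec.get(name, "")):
            return False
    if flt.get("PID"):
        pids = {int(p) for p in flt["PID"].split(";") if p.strip()}
        if rec.get("PID") not in pids:
            return False
    # Missing From/To stand for First Event / Last Event (no bound).
    if flt.get("From") and rec["Time"] < flt["From"]:
        return False
    if flt.get("To") and rec["Time"] > flt["To"]:
        return False
    return True

def apply_filters(records, include=None, exclude=None):
    # AND between tabs: pass Include and (assumed) do not match Exclude.
    return [r for r in records
            if (not include or record_matches(include, r))
            and (not exclude or not record_matches(exclude, r))]

def rec(typ, time, source, action, user, process, pid):
    return {"Type": typ, "Time": "2024-05-01T" + time, "Source": source,
            "Action": action, "User": user, "Process": process, "PID": pid}

# Constructed sample records; all column values are illustrative.
SAMPLE = [
    rec("Failure", "09:00:00", "Removable", "Write", "alice", "explorer.exe", 4120),
    rec("Failure", "09:05:00", "USB port", "Insert", "Alice", "robocopy.exe", 5288),
    rec("Success", "09:10:00", "Removable", "Read", "alice", "robocopy.exe", 5288),
    rec("Failure", "09:20:00", "Removable", "Write", "bob", "cmd.exe", 6004),
]

if __name__ == "__main__":
    inc = {"Failure audit": True, "Source": "remov*; usb*", "User": "ALICE"}
    exc = {"Process": "EXPLORER.EXE"}
    print([r["PID"] for r in apply_filters(SAMPLE, inc, exc)])
```

Because every filled field narrows the result, a typo in one field of an Include filter hides records without any error; when reviewing failed access attempts, fill in only the fields you need.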