
How to add a filter in the Log Analytics Log sources to eliminate specific Windows events on the Log Explorer? (Doc ID 2923698.1)

Last updated on MARCH 01, 2023

Applies to:

OCI Logging Analytics Service - Version N/A and later
Information in this document applies to any platform.

Goal

 How to add a filter in the Log Analytics Log sources to eliminate specific Windows events on the Log Explorer?

 For instance:

Time: 20220329160112.745245100
Event Generation Time: 2022-03-29T16:01:12.745Z
Event Log File: Security
Event Code:
Event ID: 4672
Event Type: 0
Record ID: 4745466
Component: Microsoft-Windows-Security-Auditing
Machine Name: XXXX.XXXX>XXX
Category ID: 12548
Category: Special Logon
Type:
User Name: N/A
Data: SubjectUserSid:S-1-5-18; SubjectUserName:XXXX; SubjectDomainName:XXXX; SubjectLogonId:XXXX; PrivilegeList:SeAssignPrimaryTokenPrivilege
            SeTcbPrivilege
            SeSecurityPrivilege
            SeTakeOwnershipPrivilege
            SeLoadDriverPrivilege
            SeBackupPrivilege
            SeRestorePrivilege
            SeDebugPrivilege
            SeAuditPrivilege
            SeSystemEnvironmentPrivilege
            SeImpersonatePrivilege
            SeDelegateSessionUserImpersonatePrivilege;
Message: Special privileges assigned to new logon.
 
Subject:
    Security ID:            XX-XX-XX-XX
    Account Name:        XXXX
    Account Domain:     XXXX
    Logon ID:               XXX
 
Privileges:        SeAssignPrimaryTokenPrivilege
[...]

Solution

To view full details, sign in with your My Oracle Support account.
