Xpath

From WikiWiki
Revision as of 10:58, 9 August 2016 by Mendel (talk | contribs)

Windows Event Viewer uses XPath to create queries. It is retarded...

Some examples for the greater good:

https://blogs.technet.microsoft.com/askds/2011/09/26/advanced-xml-filtering-in-the-windows-event-viewer/

Code:
<QueryList>
	<Query Id="0" Path="Security">
		<Select Path="Security">
			*[System[(EventID='4662')]]
			and
			*[EventData[Data[@Name='ObjectType'] and (Data='%{bf967a9c-0de6-11d0-a285-00aa003049e2}')]]
			and
			*[EventData[Data[@Name='AccessList'] and (Data='%%7684&#xD;&#xA;&#x09;&#x09;&#x09;&#x09;')]]
		</Select>
	</Query>
</QueryList>
Comment: Search for event 4662 (group changed) where ObjectType is "bf967a9c-0de6-11d0-a285-00aa003049e2" (group) and AccessList is 7684 (members).
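Added example (not part of the original page): Python code that applies the query's three conditions to constructed 4662-style event XML. It shows that the AccessList value only matches with its trailing CR, LF and four tabs, and that under a standard XPath 1.0 reading the `Data[@Name=...] and (Data=...)` form accepts the value in any Data element. The sample events, the all-zero placeholder GUID and every function name are constructed for illustration, and that Event Viewer evaluates the predicate per XPath 1.0 is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
GROUP = "%{bf967a9c-0de6-11d0-a285-00aa003049e2}"  # ObjectType value from the page
ACCESS = "%%7684\r\n\t\t\t\t"  # decoded form of %%7684&#xD;&#xA; plus four &#x09;
OTHER = "%{00000000-0000-0000-0000-000000000000}"  # constructed placeholder class

def sample_event(event_id, object_type, access_list, extra=""):
    """Build a constructed event in the Windows event XML shape (not real log data)."""
    # CR/LF/TAB go in as character references; a literal CRLF would be normalised to LF.
    esc = lambda s: s.replace("\r", "&#xD;").replace("\n", "&#xA;").replace("\t", "&#x9;")
    return ET.fromstring(
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
        f'<EventData><Data Name="ObjectType">{esc(object_type)}</Data>'
        f'<Data Name="AccessList">{esc(access_list)}</Data>'
        f'<Data Name="AdditionalInfo">{esc(extra)}</Data></EventData></Event>')

def fields(event):
    """All EventData/Data elements as (Name, text) pairs, whitespace preserved."""
    return [(d.get("Name"), d.text or "") for d in event.findall("e:EventData/e:Data", NS)]

def is_4662(event):
    return event.findtext("e:System/e:EventID", namespaces=NS) == "4662"

def page_query_matches(event):
    """XPath 1.0 reading of the page's query: named Data exists, ANY Data equals the value."""
    names = {n for n, _ in fields(event)}
    values = {v for _, v in fields(event)}
    return (is_4662(event) and {"ObjectType", "AccessList"} <= names
            and GROUP in values and ACCESS in values)

def strict_matches(event):
    """Tighter check: each value must sit in the field that is named."""
    f = dict(fields(event))
    return is_4662(event) and f.get("ObjectType") == GROUP and f.get("AccessList") == ACCESS

EVENTS = {  # constructed samples
    "group_change": sample_event(4662, GROUP, ACCESS),
    "no_trailing_ws": sample_event(4662, GROUP, "%%7684"),
    "guid_in_other_field": sample_event(4662, OTHER, ACCESS, extra=GROUP),
    "other_event_id": sample_event(4663, GROUP, ACCESS),
}

def evaluate():
    """Return {sample name: (page-query result, strict result)}."""
    return {name: (page_query_matches(e), strict_matches(e)) for name, e in EVENTS.items()}

if __name__ == "__main__":
    for name, (loose, strict) in evaluate().items():
        print(f"{name:22} page-query={loose!s:5} strict={strict}")
```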


some tags to find this page: query, QueryList, eventdata, ObjectType, AccessList, Security