I don't know why this happens -- it shouldn't, and it doesn't on my XP --
but for your query you can safely ignore the category. Every event in
eventlog is completely defined by the SourceName and the EventIdentifier.
The Category, athough part of the event, is just informative.
The EventCode is always the lower 16bit of the EventIdentifier.
Theoretically is possible to have two different EventIdentifiers with the
same EventCode, but I've yet to see such case.
Ven
"Dirk" <dirk@nospam_to_remove_ofcourse.woodstone.nu> wrote in message
news:(E-Mail Removed)...
> When doing a query towards a Win2K box the below SQL statement:
>
> select * from win32_ntlogevent where logfile='Security' and
> sourcename='Security' and categorystring='Account Logon' and
eventcode='680'
> and recordnumber> 10
>
> I get no matching records
>
> If I do
> select * from win32_ntlogevent where logfile='Security' and
> sourcename='Security' and category=9 and eventcode='680' and recordnumber>
> 10
> I do get matching records
>
> From my understanding category=9 is the same as categorystring='Account
> Logon'
>
>
> Any ideas when a query using the "categorystring" isn't returning matching
> records while doing it with category it is.
> And IF I can only use category in the query instead of categorystring, is
> there somewere a full list of category(string)s? That way I can at least
> show my uses a list of what they can select.
>
>
>
>
|
Similar Threads
