Categorystring

[Dirk]

When doing a query towards a Win2K box the below SQL statement:

select * from win32_ntlogevent where logfile='Security' and
sourcename='Security' and categorystring='Account Logon' and eventcode='680'
and recordnumber> 10

I get no matching records

If I do
select * from win32_ntlogevent where logfile='Security' and
sourcename='Security' and category=9 and eventcode='680' and recordnumber>
10
I do get matching records

From my understanding category=9 is the same as categorystring='Account
Logon'


Any ideas when a query using the "categorystring" isn't returning matching
records while doing it with category it is.
And IF I can only use category in the query instead of categorystring, is
there somewere a full list of category(string)s? That way I can at least
show my uses a list of what they can select.

 

[Venus Millo]

I don't know why this happens -- it shouldn't, and it doesn't on my XP --
but for your query you can safely ignore the category. Every event in
eventlog is completely defined by the SourceName and the EventIdentifier.
The Category, athough part of the event, is just informative.

The EventCode is always the lower 16bit of the EventIdentifier.
Theoretically is possible to have two different EventIdentifiers with the
same EventCode, but I've yet to see such case.

Ven