The Event Viewer is a very useful tool however, like any log management solution, the biggest hurdle can be filtering out the noise and returning only the meaningful log data that you care about.

This is a follow-up on a previous article which can be viewed here: Finding Human Logins in the Windows Event Viewer – Suppressing Everything Else

One of the most common requests is seeing who has been in and out of a box. To that end, I want to expand a bit more and talk about how to filter on the following three things… Username, Event ID, and Logon Type.
(more…)