There's a default rule for this, look for "Windows Event Log Cleared". It has exactly the logic that ssei posted above.
↧
Channel:
THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
X
Are you the publisher?
Claim or
contact us
about this channel.
X
0
Channel Details:
- Title: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
- Channel Number: 13526340
- Language: English
- Registered On: May 17, 2013, 5:14 am
- Number of Articles: 5385
- Latest Snapshot: February 19, 2020, 1:10 pm
- RSS URL: http://thwack.solarwinds.com/community/feeds/messages?community=2029
- Publisher: https://thwack.solarwinds.com/community/it-security/security-event-manager-sem?view=discussions
- Description: Most recent forum messages
- Catalog: //event36.rssing.com/catalog.php?indx=13526340
© 2026 //www.rssing.com