Hi all, I'm brand new to log management and LEM and was hoping someone could point me to where I can find some information. I have a list of Windows events that I need to monitor and I'm having trouble creating filters for them. Are there instructions anywhere for creating a filter based on a specific event ID (or a group of them). For example, I need to monitor events 576 (Special privileges assigned to new logon), 577 (Privileged service called), and 578 (Privileged object operation). I like the generic nature of the filter parts in theory but I'm having trouble figuring out what I need to look for. Any help would be greatly appreciated.
Cassandra