How do I identify parameter numbers used in Window's events when creating new processing rules? (NETIQKB72007)

  • 7772007
  • 07-Jan-2010
  • 07-Jan-2010


Security Manager 5.x
Security Manager 6.x


How to identify parameter numbers in windows events when creating new processing rules in Security Manager.


Open SM Development Console
Expand "Processing Rule Groups"
Right click any processing rule group and select "Import Dynamic Link Library"
Select File / Browse / Security / Security and then "Open"
Scroll down to the bottom and find the MsAuditE.dll section and highlight the EventID you are looking for.

The Message field section will show the Text and a parameter that matches it.  You can expand the message column by scrolling to the far right and double clicking the right hand side of the column header as in excel.

Additional Information

Formerly known as NETIQKB72007