How do I identify parameter numbers used in Window's events when creating new processing rules? (NETIQKB72007)

  • 7772007
  • 07-Jan-2010
  • 07-Jan-2010

Environment

Security Manager 5.x
Security Manager 6.x

Situation

How to identify parameter numbers in windows events when creating new processing rules in Security Manager.

Resolution

Open SM Development Console
Expand "Processing Rule Groups"
Right click any processing rule group and select "Import Dynamic Link Library"
Select File / Browse / Security / Security and then "Open"
Scroll down to the bottom and find the MsAuditE.dll section and highlight the EventID you are looking for.

The Message field section will show the Text and a parameter that matches it.  You can expand the message column by scrolling to the far right and double clicking the right hand side of the column header as in excel.

Additional Information

Formerly known as NETIQKB72007

Feedback service temporarily unavailable. For content questions or problems, please contact Support.