Environment
Security Manager 5.x
Security Manager 6.x
Security Manager 6.x
Situation
How to identify parameter numbers in windows events when creating new processing rules in Security Manager.
Resolution
| Open SM Development Console Expand "Processing Rule Groups" Right click any processing rule group and select "Import Dynamic Link Library" Select File / Browse / Security / Security and then "Open" Scroll down to the bottom and find the MsAuditE.dll section and highlight the EventID you are looking for. The Message field section will show the Text and a parameter that matches it. You can expand the message column by scrolling to the far right and double clicking the right hand side of the column header as in excel. |
Additional Information
Formerly known as NETIQKB72007