(imported topic written by SystemAdmin)
Hi All,
I took a look at the previous thread to create a relevance to get specific event IDs:
http://forum.bigfix.com/viewtopic.php?id=672
(event id of it mod 2147483648 mod 1073741824 , source of it, time generated of it) of records whose (now - time generated of it < 4*day) of system event log
One problem that I ran across is the following:
In the event viewer, these two events show up as follows:
Source: b57w2k, Event ID: 15 (Time 3:43:38 AM)
Source: b57w2k, Event ID: 9 (Time 3:43:40 AM)
Source: W32Time, Event ID: 35 (Time 3:44:22 AM)
When I run the relevance, they show up as follows:
327695, b57w2k, ( Sun, 08 Jul 2007 03:43:38 -0400 )
327689, b57w2k, ( Sun, 08 Jul 2007 03:43:40 -0400 )
39452707, W32Time, ( Sun, 08 Jul 2007 03:44:22 -0400 )
Is there another “mod” calculation that would cover this?
Thanks
Rob
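As an added example (not part of the original post), this Python splits a raw 32-bit Windows event identifier into its packed fields and runs it over the three values reported above. The function names are illustrative; the layout is the standard Windows message-identifier layout, in which the low 16 bits are the number Event Viewer displays.

```python
# Added example: split a raw 32-bit Windows event identifier into its fields.
# Layout (Windows message-identifier convention):
#   bits 31-30 severity, bit 29 customer flag, bit 28 reserved,
#   bits 27-16 facility, bits 15-0 code (the number Event Viewer displays).

SEVERITY = {0: "Success", 1: "Informational", 2: "Warning", 3: "Error"}


def decode_event_id(raw):
    """Return the fields packed into a raw 32-bit event identifier."""
    raw &= 0xFFFFFFFF  # tolerate values that were read as signed 32-bit
    return {
        "severity": SEVERITY[raw >> 30],
        "customer": bool((raw >> 29) & 1),
        "facility": (raw >> 16) & 0x0FFF,
        "code": raw & 0xFFFF,
    }


def thread_mod_chain(value):
    """The reduction used in the post: it clears bits 31 and 30 only."""
    return value % 2147483648 % 1073741824


def displayed_id(value):
    """Keep the low 16 bits, which is the same as 'mod 65536'."""
    return value % 65536


# Values reported in the post (already reduced by the mod chain), paired with
# the Event ID that Event Viewer showed for the same record.
REPORTED = [
    (327695, "b57w2k", 15),
    (327689, "b57w2k", 9),
    (39452707, "W32Time", 35),
]

if __name__ == "__main__":
    for value, source, shown in REPORTED:
        f = decode_event_id(value)
        print(f"{source:8} value={value:<9} facility={f['facility']:<4} "
              f"code={f['code']:<3} event_viewer={shown}")
```

The leftover bits in the reported values are the facility field (bits 16 to 27), which the two `mod` steps in the post do not clear.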