Windows event log exclude user


We're running Windows 2012 with AD LDS (aka ADAM). We're troubleshooting an application, and the ADAM sync command that runs hourly is filling up our event log.

The event viewer filters show how to exclude criteria for event IDs, but not how to exclude users. Our service account is performing all the ldap_modify statements and we don't need to see those. Because our authentication process uses ldap_search (event IDs 1138 or 1139), we can't just exclude all of those events.

Does anyone know how to exclude users in event viewer filters?

Best Answer

Is PowerShell an option?

Get-EventLog -LogName "AD LDS" -After 05/14/14 | ? {$_.UserName -notlike "*USERNAME*" }

From there you can save it as an .evt file or just use PowerShell to parse and filter it to your heart's content. There are plenty of resources on using PowerShell to filter and manipulate Event Logs if you do a bit of research.
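An added example, not part of the original answer: the per-user exclusion the question asks about can also be written as an XML event query, where a `Suppress` element drops records whose `System/Security/@UserID` matches the service account's SID. It assumes the log name from the command above (adjust it to the name shown in Event Viewer); the account name `CONTOSO\svc-adamsync` and the two helper functions are constructed for illustration.

```powershell
# Assumptions: log name taken from the answer's command; account name is constructed.
$LogName        = 'AD LDS'
$ServiceAccount = 'CONTOSO\svc-adamsync'

function Get-AccountSid {
    param([Parameter(Mandatory)][string]$Account)
    # Event records store the caller as a SID, so translate the account name first.
    $nt = New-Object System.Security.Principal.NTAccount($Account)
    $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
}

function New-ExcludeUserQuery {
    param(
        [Parameter(Mandatory)][string]$Log,
        [Parameter(Mandatory)][string]$Sid,
        [int]$LastHours = 24
    )
    $ms = $LastHours * 3600000   # timediff() works in milliseconds
    # Select keeps every record in the time window, including the 1138/1139
    # search events from other callers; Suppress removes only records written
    # under the given SID. This filters the view; nothing is deleted from the log.
    @"
<QueryList>
  <Query Id="0" Path="$Log">
    <Select Path="$Log">*[System[TimeCreated[timediff(@SystemTime) &lt;= $ms]]]</Select>
    <Suppress Path="$Log">*[System[Security[@UserID='$Sid']]]</Suppress>
  </Query>
</QueryList>
"@
}

$sid   = Get-AccountSid -Account $ServiceAccount
$query = New-ExcludeUserQuery -Log $LogName -Sid $sid -LastHours 24

# Run the query from PowerShell.
Get-WinEvent -FilterXml ([xml]$query) |
    Select-Object TimeCreated, Id, UserId, Message |
    Format-Table -AutoSize -Wrap

# Print the XML so it can be pasted into Event Viewer:
# Filter Current Log > XML tab > "Edit query manually".
$query
```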