我正在尝试根据以下事件 XML(示例)创建一个事件过滤器,但似乎缺少了一些东西:
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<Events><Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='acvpnui'/>
<EventID Qualifiers='25600'>3021</EventID>
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime='2016-04-08T22:01:57.000000000Z'/>
<EventRecordID>35164</EventRecordID>
<Channel>Cisco AnyConnect Secure Mobility Client</Channel>
<Computer>MyComputerName.domain.com</Computer>
<Security/>
</System>
<EventData>
<Data>Message type information sent to the user:
Connected to my.vpn.server.com.</Data>
</EventData>
</Event></Events>
我正在使用以下 XML XPath 过滤器,但没有得到任何结果:
<QueryList>
<Query Id="0" Path="Cisco AnyConnect Secure Mobility Client">
<Select Path="Cisco AnyConnect Secure Mobility Client">
Event
[System
[Provider
[@Name='acvpnui'] and (EventID=3021)
]
]
[EventData
[Data and (Data='Message type information sent to the user: Connected to my.vpn.server.com.')]
]
</Select>
</Query>
</QueryList>
我可以取出and (Data='Message type information sent to the user: Connected to my.vpn.server.com.')],但这样一来,过滤器会给出比我想要的更多的结果。如何过滤特定的 EventData?