Collecting Windows Task Scheduler Events
I need to retrieve the events generated by Windows Task Scheduler Service, but as far as I saw, this service does not log the events to any of the "common" windows logs channels (Security, Application or System). Does anyone have experience to retrieve this kind of events?
If so, please tell me the steps to do that.
- Community Thread
- Forum Thread
- RSA NetWitness
- RSA NetWitness Platform
- task scheduler
- windows task scheduler
These events reside in Event Viewer at /Application and Service Logs/Microsoft/Windows/TaskScheduler. The log file you likely want to collect from here is "Operational":
You can collect these events by adding "Microsoft-Windows-TaskScheduler/Operational" to your Channel, like this:
These events can be queried using event.source='microsoft-windows-taskscheduler':
Hope this helps.