Re: please help to extract security event log
- From: mik3l3374@xxxxxxxxx
- Date: Thu, 02 Aug 2007 21:01:06 -0700
On Aug 3, 11:14 am, "gs" <g...@xxxxxxxxxxxxxx> wrote:
I am trying to track down some security issue, and the exported log file is
too big to look at in detail, and the filtered export has too little detail.
I want to select security events of the "logon/logoff" category between, say,
2007-07-30 03:00 and 09:00
and get details like
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 2007-07-30
Time: 08:37:45
User: NT AUTHORITY\SYSTEM
Computer: SEDXXS01
Description:
Successful Network Logon:
User Name: SEDXXS01$
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name:
Logon GUID: {dd3d7aca-9890-1ea0-e89c-845a04976eac}
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 195.228.223.101
Source Port: 3747
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
You might want to look at how to use the Microsoft logparser
http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07
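
A Log Parser query of the kind the reply points toward, as an added example that is not part of the original posts. It assumes Log Parser 2.2 with its EVT input format reading the local Security log, and takes the category name and time window from the question; the file names logon_window.sql and logon_window.csv are made up for illustration.

```sql
-- logon_window.sql (added example; file names are hypothetical)
-- Selects Security log records in the Logon/Logoff category
-- generated on 2007-07-30 between 03:00 and 09:00.
-- The Message field carries the full description text
-- (logon type, logon process, source network address, ...).
SELECT  TimeGenerated,
        EventID,
        EventTypeName,
        EventCategoryName,
        SourceName,
        ComputerName,
        SID,
        Message
INTO    logon_window.csv
FROM    Security
WHERE   EventCategoryName = 'Logon/Logoff'
  AND   TimeGenerated >= TO_TIMESTAMP('2007-07-30 03:00:00', 'yyyy-MM-dd hh:mm:ss')
  AND   TimeGenerated <  TO_TIMESTAMP('2007-07-30 09:00:00', 'yyyy-MM-dd hh:mm:ss')
ORDER BY TimeGenerated
```

Run it on the machine holding the log with `LogParser.exe file:logon_window.sql -i:EVT -o:CSV -resolveSIDs:ON`; the `-resolveSIDs:ON` switch turns the SID column into account names such as the `User:` line in the sample event. To read a saved log instead of the live one, replace `Security` in the FROM clause with the path to the .evt file.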