4
07
2007
The following command within LogParser.exe will query Windows NT Securiy log with EventID 529 and parse the data into %computername%_security_logons_failed_529.xml.
LogParser “SELECT TimeGenerated AS LogonDate, EXTRACT_TOKEN(Strings, 0, ‘|’)AS Username,EXTRACT_TOKEN(Strings, 3, ‘|’)AS LogonType,EXTRACT_TOKEN(Strings, 4, ‘|’)AS LogonProcess, EXTRACT_TOKEN(Strings, 11, ‘|’)AS Source INTO %computername%_security_logons_failed_529.xml FROM Security WHERE EventID = 529″
Read the rest of this entry »
Comments : No Comments »
Categories : Logparser
18
06
2007
As IT security pros we often scan many different networks and use different commands to perform the job. At the end we have dozen of log files which we need to analyze.
Couple days I installed a nice tool developed by Microsoft called LogParser. It has some neat features for queering different data sources.
I played with it and came up with some nice command lines.
a) Put all your logs into C:\Scans\ directory and make sure they all have the same extension e.g. .log or .txt
b) Go to CMD and paste the following command line
C:\Tools\LogParser2.2>LogParser.exe -i:textline “select text from C:\Scans\*.log where text like ‘%VUL%’” -o:CSV Read the rest of this entry »
Comments : 1 Comment »
Categories : Logparser
Recent Comments