XML Report of Windows EventViewer Security EventID 529
Ivan Versluis July 4th, 2007
The following LogParser.exe command queries the Windows NT Security log for EventID 529 and writes the parsed data to %computername%_security_logons_failed_529.xml.
LogParser "SELECT TimeGenerated AS LogonDate, EXTRACT_TOKEN(Strings, 0, '|') AS Username, EXTRACT_TOKEN(Strings, 3, '|') AS LogonType, EXTRACT_TOKEN(Strings, 4, '|') AS LogonProcess, EXTRACT_TOKEN(Strings, 11, '|') AS Source INTO %computername%_security_logons_failed_529.xml FROM Security WHERE EventID = 529"
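
To triage the resulting report, the added Python example below (not part of the original post) counts failures per username and source and lists sources that fail against several different accounts. It assumes the report consists of ROW elements with one child element per selected column; the function names, the threshold and the sample rows are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the assumed report layout (ROW elements, one child
# per column named in the SELECT). Addresses are documentation ranges.
def _row(date, user, source):
    return ("<ROW><LogonDate>%s</LogonDate><Username>%s</Username>"
            "<LogonType>3</LogonType><LogonProcess>NtLmSsp</LogonProcess>"
            "<Source>%s</Source></ROW>" % (date, user, source))

SAMPLE_REPORT = "<ROOT>" + "".join([
    _row("2007-07-04 09:00:01", "Administrator", "192.0.2.10"),
    _row("2007-07-04 09:00:03", "administrator", "192.0.2.10"),
    _row("2007-07-04 09:00:05", "administrator", "192.0.2.10"),
    _row("2007-07-04 09:10:00", "alice", "198.51.100.7"),
    _row("2007-07-04 09:10:01", "bob", "198.51.100.7"),
    _row("2007-07-04 09:10:02", "carol", "198.51.100.7"),
    _row("2007-07-04 11:30:00", "dave", "192.0.2.55"),
]) + "</ROOT>"

def load_rows(xml_text):
    """Return each ROW as a dict of column name -> text."""
    root = ET.fromstring(xml_text)
    return [{col.tag: (col.text or "").strip() for col in row}
            for row in root.iter("ROW")]

def summarize(rows, threshold=3):
    """Return (repeated, spraying).

    repeated: {(username, source): count} with count >= threshold,
              i.e. one source hammering one account.
    spraying: {source: [usernames]} where one source failed against
              at least `threshold` distinct accounts.
    """
    # Windows account names are case-insensitive, so normalise before counting.
    per_pair = Counter((r.get("Username", "").lower(), r.get("Source", ""))
                       for r in rows)
    users_by_source = {}
    for user, source in per_pair:
        users_by_source.setdefault(source, set()).add(user)
    repeated = {pair: n for pair, n in per_pair.items() if n >= threshold}
    spraying = {src: sorted(users) for src, users in users_by_source.items()
                if len(users) >= threshold}
    return repeated, spraying

if __name__ == "__main__":
    repeated, spraying = summarize(load_rows(SAMPLE_REPORT))
    print("Repeated failures:", repeated)
    print("Many accounts from one source:", spraying)
```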

