Networknet.nl Blog
Jul 4th
The following LogParser.exe command queries the Windows NT Security log for EventID 529 and writes the parsed fields to %computername%_security_logons_failed_529.xml.
LogParser "SELECT TimeGenerated AS LogonDate, EXTRACT_TOKEN(Strings, 0, '|') AS Username, EXTRACT_TOKEN(Strings, 3, '|') AS LogonType, EXTRACT_TOKEN(Strings, 4, '|') AS LogonProcess, EXTRACT_TOKEN(Strings, 11, '|') AS Source INTO %computername%_security_logons_failed_529.xml FROM Security WHERE EventID = 529"
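To triage the extracted rows, the Python sketch below (an added example, not part of the original post) splits the pipe-delimited Strings field at the same token positions as the command above and lists sources with repeated failed logons. The helper names, the threshold and the sample records are constructed for illustration.

```python
from collections import Counter

# Token positions copied from the EXTRACT_TOKEN calls in the command above (0-based).
FIELDS = {"Username": 0, "LogonType": 3, "LogonProcess": 4, "Source": 11}


def extract_token(strings, index, sep="|"):
    """Return the index-th token of a delimited string, or None if the record is too short."""
    tokens = strings.split(sep)
    return tokens[index] if 0 <= index < len(tokens) else None


def parse_record(time_generated, strings):
    """Build one output row with the same column names as the query."""
    row = {name: extract_token(strings, i) for name, i in FIELDS.items()}
    row["LogonDate"] = time_generated
    return row


def noisy_sources(rows, threshold=3):
    """Map each source with >= threshold failures to (count, sorted usernames tried)."""
    failures, users = Counter(), {}
    for row in rows:
        src = row["Source"] or "(unknown)"
        failures[src] += 1
        users.setdefault(src, set()).add(row["Username"] or "(unknown)")
    return {s: (n, sorted(users[s])) for s, n in failures.items() if n >= threshold}


def make_strings(user, logon_type, process, source):
    """Constructed helper: build a 13-token Strings value with '-' as filler."""
    tokens = ["-"] * 13
    tokens[0], tokens[3], tokens[4], tokens[11] = user, logon_type, process, source
    return "|".join(tokens)


# Constructed sample records (documentation IP ranges), including one truncated record.
SAMPLE = [
    ("2010-07-04 09:00:01", make_strings("administrator", "3", "NtLmSsp", "192.0.2.10")),
    ("2010-07-04 09:00:02", make_strings("admin", "3", "NtLmSsp", "192.0.2.10")),
    ("2010-07-04 09:00:03", make_strings("guest", "3", "NtLmSsp", "192.0.2.10")),
    ("2010-07-04 09:15:40", make_strings("jsmith", "2", "User32", "198.51.100.7")),
    ("2010-07-04 09:20:00", "truncated|record"),
]

if __name__ == "__main__":
    rows = [parse_record(t, s) for t, s in SAMPLE]
    for source, (count, names) in noisy_sources(rows).items():
        print(f"{source}: {count} failed logons, usernames tried: {', '.join(names)}")
```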