Sunday, March 17, 2013

Logparser: Export and View Event Logs with Logparser


ID Created Logs (event ID 624)

logparser.exe -i:EVT -o:CSV -stats:OFF "SELECT TimeGenerated, EventTypeName, EventCategoryName, EXTRACT_TOKEN(Strings,0,'|') AS UserName, EXTRACT_TOKEN(Strings,1,'|') AS Domain, EXTRACT_TOKEN(Strings,3,'|') AS IDCreatedby, Message, EventID FROM D:\EvtLogs\*.evt WHERE EventID=624" >> C:\IDCreation.csv


ID Disabled Logs (event ID 629)

logparser.exe -i:EVT -o:CSV -stats:OFF "SELECT TimeGenerated, EventTypeName, EventCategoryName, EXTRACT_TOKEN(Strings,0,'|') AS UserName, EXTRACT_TOKEN(Strings,1,'|') AS Domain, EXTRACT_TOKEN(Strings,3,'|') AS IDDisabledby, Message, EventID FROM D:\EvtLogs\*.evt WHERE EventID=629" >> C:\ID-Disable.csv


ID Enabled Logs (event ID 626)

logparser.exe -i:EVT -o:CSV -stats:OFF "SELECT TimeGenerated, EventTypeName, EventCategoryName, EXTRACT_TOKEN(Strings,0,'|') AS UserName, EXTRACT_TOKEN(Strings,1,'|') AS Domain, EXTRACT_TOKEN(Strings,3,'|') AS IDEnabledby, Message, EventID FROM D:\EvtLogs\*.evt WHERE EventID=626" >> C:\ID-Enabled.csv
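
Added example (not part of the original post): a Python sketch of what the three queries pull out of the Strings field, run over constructed records and merged into one per-account timeline. The six-field Strings layout in the sample, the sample values and the helper names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Event IDs used by the three queries on this page.
ACTIONS = {624: "created", 629: "disabled", 626: "enabled"}

def extract_token(strings, index, sep="|"):
    """Approximate Log Parser's EXTRACT_TOKEN: zero-based token, None if absent."""
    parts = strings.split(sep)
    return parts[index] if 0 <= index < len(parts) else None

def parse_event(time_generated, event_id, strings):
    """Return the columns the queries select, or None for other event IDs."""
    if event_id not in ACTIONS:
        return None
    return {
        "time": datetime.strptime(time_generated, "%Y-%m-%d %H:%M:%S"),
        "action": ACTIONS[event_id],
        "user": extract_token(strings, 0),    # UserName
        "domain": extract_token(strings, 1),  # Domain
        "by": extract_token(strings, 3),      # IDCreatedby / IDDisabledby / IDEnabledby
    }

def account_timeline(events):
    """Group parsed events per DOMAIN\\user, oldest first."""
    timeline = defaultdict(list)
    for ev in filter(None, (parse_event(*e) for e in events)):
        key = "{}\\{}".format(ev["domain"], ev["user"])
        timeline[key].append((ev["time"], ev["action"], ev["by"]))
    for entries in timeline.values():
        entries.sort(key=lambda entry: entry[0])
    return dict(timeline)

# Constructed sample records (TimeGenerated, EventID, Strings); not real log data.
SAMPLE = [
    ("2013-03-10 09:15:02", 626, "jdoe|CORP|%{S-1-5-21-1-2-3-1105}|admin2|CORP|(0x0,0x3E7A1)"),
    ("2013-03-01 08:00:00", 624, "jdoe|CORP|%{S-1-5-21-1-2-3-1105}|admin1|CORP|(0x0,0x2B4C9)"),
    ("2013-03-05 17:30:45", 629, "jdoe|CORP|%{S-1-5-21-1-2-3-1105}|admin1|CORP|(0x0,0x2D001)"),
    ("2013-03-06 10:00:00", 528, "jdoe|CORP|(0x0,0x2E000)|2"),  # other event ID, skipped
]

if __name__ == "__main__":
    for account, entries in account_timeline(SAMPLE).items():
        for when, action, by in entries:
            print(f"{when}  {account}  {action} by {by}")
```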
