Wednesday, September 24, 2008

Microsoft Log Parser

Logs are an important part of daily administration; getting the data out of them, however, can at times be painstaking!

Microsoft's Log Parser utility - http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en - can help with extracting the data you want. The tool is comprehensive, but its SQL-like command line queries can be difficult to write.

For example, suppose you have downloaded and installed the tool and want to examine all print activity by the user name "test" (the print spooler logs a "document printed" event, Event ID 10, to the System log).

You would type the following command:

LogParser "SELECT TimeGenerated, SourceName, EventCategoryName, Message INTO report.txt FROM System WHERE EventID = 10 AND SID LIKE '%test%'" -resolveSIDs:ON

The report.txt file will contain, nicely formatted, all the particulars for that user. Two things worth knowing about the query: -resolveSIDs:ON is what turns the SID column into an account name, so without it the LIKE clause would have to match a raw S-1-5-... string; and '%test%' also matches names such as "test2" or "contest", so compare against the exact resolved name once you know it. Of course, you can point the same query at the Security log too!
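The following is an added example that is not part of the original post: a short PowerShell script that runs two Log Parser queries, the print query from above with a date window and CSV output, and the same idea against the Security log. It assumes LogParser.exe (Log Parser 2.2) is on the PATH, that it runs on the machine holding the logs with rights to read them, and that the logs are from Windows 2000/2003, where Event ID 529 is a logon failure for a bad user name or password; the event IDs and the insertion-string layout are assumptions stated in the comments, and the file names are illustrative.

```powershell
# Added example, not code from the original post. Assumes LogParser.exe is on
# the PATH and that this runs on the machine that owns the event logs.
# Assumed event IDs: 10 = document printed (source "Print", System log);
# 529 = logon failure, bad user name or password (Security log, Win2000/2003).

# 1. Print jobs by one user, as in the post, but limited to a date window and
#    written as CSV. Log Parser picks the output format from the INTO file
#    extension (.csv -> CSV, .txt -> native column format), so no -o is needed.
$user = 'test'
$printQuery = @"
SELECT TimeGenerated, ComputerName, SID, Message
INTO prints-$user.csv
FROM System
WHERE EventID = 10
  AND SourceName = 'Print'
  AND SID LIKE '%$user%'
  AND TimeGenerated >= TO_TIMESTAMP('2008-09-01', 'yyyy-MM-dd')
ORDER BY TimeGenerated
"@
# -i:EVT makes the input format explicit; -resolveSIDs:ON turns the SID
# column into DOMAIN\name so the LIKE clause can match on the account name.
& LogParser.exe -i:EVT $printQuery -resolveSIDs:ON

# 2. Same approach against the Security log: count failed logons per target
#    account. For Event ID 529 the user name is the first insertion string
#    (Strings is '|'-separated), not the SID column, which resolves to the
#    account that wrote the event rather than the one that failed to log on.
#    Newer events (e.g. Vista/2008 ID 4625) place the target name at a
#    different index, so check the event's message layout before reusing this.
$failQuery = @"
SELECT EXTRACT_TOKEN(Strings, 0, '|') AS Account,
       EXTRACT_TOKEN(Strings, 5, '|') AS Workstation,
       COUNT(*) AS Failures
FROM Security
WHERE EventID = 529
GROUP BY Account, Workstation
HAVING COUNT(*) > 5
ORDER BY Failures DESC
"@
# -o:NAT prints a column report to the console; -rtp:-1 disables paging so
# the whole result comes out in one go (handy when redirecting to a file).
& LogParser.exe -i:EVT $failQuery -o:NAT -rtp:-1
```

The first query is the post's command with three practical additions: a SourceName filter so that an unrelated Event ID 10 from another source is not picked up, a TimeGenerated lower bound so you are not scanning the whole log, and a .csv target so the result can go straight into a spreadsheet. The second shows why the Security log needs a little more care than the System log: the account you care about is usually inside the insertion strings, so the query has to pull it out with EXTRACT_TOKEN before it can group on it.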
