Security event log parsing
 




IT Certification FAQ
 
|
Home
 |
Microsoft
 |
CISCO
 |
CompTIA
 |
Exam/Study FAQ
 |
Employment FAQ
 | Links  | Forums  |
Book Reviews


FAQFAQ  SearchSearch  MemberlistMemberlist  UsergroupsUsergroups  RegisterRegister  ProfileProfile  Log in to check your private messagesPrivate messages  Log inLog in

Security event log parsing

 
Post new topic   Reply to topic    Forum Index -> microsoft.public.windows.server.general
Author Message
Mark Scholl
Guest
PostPosted: Wed Aug 22, 2007 3:39 pm    Post subject: Security event log parsing Reply with quote
I have a Bank client where the examiners have requested that the security
event log be dumped, printed and reviewed daily for events showing user
login and logout events. They have only one domain controller.

Event ID's 538 and 540 appear to be the events I would like to filter.
However, There are many events from the system user that I would like to
exclude using these event ID's.

I've looked at PSLogList from the PSTools suite but I don't find a switch to
exclude the events from the system user.

Any easy options?

mark scholl
Back to top
Display posts from previous:   
Post new topic   Reply to topic    Forum Index -> microsoft.public.windows.server.general All times are GMT
Page 1 of 1

 

Copyright © 2002-2006 Web-S-Sense Pty. Ltd. All rights reserved.

Powered by phpBB
Advertising | Policies/Disclaimers | Contact us | Link to us

Featured Sites: Free Antivirus and Antispyware Info | Free PC Support | MCSE Directory