Sorry Michael,
The Message is a string, which makes for large capturing regexes, total pain...
I had hoped the Member|Account name was accessible from within the Message
property...
An example output:
Get-WinEvent Security |?{ $_.Id -eq 4729 } |fl

TimeCreated  : 5/24/2012 9:40:16 AM
ProviderName : Microsoft-Windows-Security-Auditing
Id           : 4729
Message      : A member was removed from a security-enabled global group.

    Subject:
        Security ID:     S-1-5-21-2887164728-1639811974-4180998483-500
        Account Name:    Administrator
        Account Domain:  FOO
        Logon ID:        0x332ab

    Member:
        Security ID:     S-1-5-21-2887164728-1639811974-4180998483-1109
        Account Name:    CN=user,OU=1,OU=a,DC=foo,DC=local

    Group:
        Security ID:     S-1-5-21-2887164728-1639811974-4180998483-5135
        Group Name:      Grp_Test
        Group Domain:    FOO

    Additional Information:
        Privileges:      -
________________________________________
From: Michael B. Smith [[email protected]]
Sent: Thursday, May 24, 2012 10:10 AM
To: NT System Admin Issues
Subject: RE: Powershell Eventlog Reporting
I don't understand what you are asking?
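
Added example, not part of the original thread: the Member and Group values shown in Message are also stored as named fields in the event's XML (EventData), so they can be read without a regex. The function name ConvertFrom-GroupRemovalXml is hypothetical, and the sample event is constructed from the output quoted above with a placeholder timestamp.

```powershell
# Added example. ConvertFrom-GroupRemovalXml is a hypothetical helper name.
function ConvertFrom-GroupRemovalXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        # Index the <Data Name="..."> elements by name; these are the same
        # values the provider renders into the Message text.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            TimeCreated = $evt.System.TimeCreated.SystemTime
            RemovedBy   = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
            MemberName  = $data.MemberName
            MemberSid   = $data.MemberSid
            Group       = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
        }
    }
}

# Constructed sample: values taken from the output above, timestamp is a placeholder.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4729</EventID>
    <TimeCreated SystemTime="2012-05-24T00:00:00.000000000Z" />
  </System>
  <EventData>
    <Data Name="MemberName">CN=user,OU=1,OU=a,DC=foo,DC=local</Data>
    <Data Name="MemberSid">S-1-5-21-2887164728-1639811974-4180998483-1109</Data>
    <Data Name="TargetUserName">Grp_Test</Data>
    <Data Name="TargetDomainName">FOO</Data>
    <Data Name="TargetSid">S-1-5-21-2887164728-1639811974-4180998483-5135</Data>
    <Data Name="SubjectUserSid">S-1-5-21-2887164728-1639811974-4180998483-500</Data>
    <Data Name="SubjectUserName">Administrator</Data>
    <Data Name="SubjectDomainName">FOO</Data>
    <Data Name="SubjectLogonId">0x332ab</Data>
    <Data Name="PrivilegeList">-</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-GroupRemovalXml | Format-List

# Against a live log (needs rights to read the Security log):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4729 } |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-GroupRemovalXml
```

Filtering with -FilterHashtable selects event 4729 at the log query instead of piping every Security event through Where-Object.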