What i need is a command line syntax using Logparser that i can use to on extracted event logs from domain controllers (.evt format), specifically parsing only the audit failures. All the .EVT files are extracted via script nightly and deposited into a network share i have access to. What i would like to do is deposit all those parsed entries of audit failures from the security logs into a .CSV file i can then look over and find anything that might be of particular interest. Ive already looked at all the different event log management tools, this is the method i am being told to use. Suggestions would be GREATLY appreciated..