How to use PowerShell to parse the security log on 2008 to output User names.

Posted on 2008-11-04
Medium Priority
Last Modified: 2012-05-05
I've got several web servers that at times I need to know dates and times that a specific user, or handful of users were connected.  I easily do this by running the following PowerShell command on the specific web servers:

get-eventlog security -newest 1000 | select-object TimeGenerated,EntryType,EventID,UserName | where-object {$_.UserName -eq "Domain\UserName"} | group-object TimeGenerated,Username

The problem is, this only works on Windows 2003, and for the life of me, I can't figure out what properties I need to pull to get the same information on my 2008 servers.

Any assistance you can provide would be greatly appreciated.

Question by:sermanre
  • 2
LVL 18

Accepted Solution

BSonPosh earned 375 total points
ID: 22876840
I think your problem is that they (for whatever reason) moved the user name to the actual message. IIRC, It is no longer the event user.

I suppose your best bet is RegEx'ing the message field

Author Comment

ID: 22885541
That was the same conclusion I had come up with. :( I guess it's time to figure out how to use RegEx.  I'll leave this open a for a few days just in case someone else comes up with an alternative.

LVL 18

Expert Comment

ID: 22890129

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question