How to use PowerShell to parse the security log on 2008 to output User names.

Posted on 2008-11-04
Last Modified: 2012-05-05
I've got several web servers that at times I need to know dates and times that a specific user, or handful of users were connected.  I easily do this by running the following PowerShell command on the specific web servers:

get-eventlog security -newest 1000 | select-object TimeGenerated,EntryType,EventID,UserName | where-object {$_.UserName -eq "Domain\UserName"} | group-object TimeGenerated,Username

The problem is, this only works on Windows 2003, and for the life of me, I can't figure out what properties I need to pull to get the same information on my 2008 servers.

Any assistance you can provide would be greatly appreciated.

Question by:sermanre
    LVL 18

    Accepted Solution

    I think your problem is that they (for whatever reason) moved the user name to the actual message. IIRC, it is no longer the event user.

    I suppose your best bet is RegEx'ing the message field

    Author Comment

    That was the same conclusion I had come up with. :( I guess it's time to figure out how to use RegEx. I'll leave this open for a few days just in case someone else comes up with an alternative.
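
Added example, not part of the original thread: one way to do the Message-field regex suggested above, wired back into the asker's pipeline. It assumes the events of interest are successful logons (event ID 4624 on Server 2008) with English message text; the helper names Get-LogonAccount and Get-UserLogon and the sample message are constructed for illustration.

```powershell
# A 4624 message has two "Account Name:" lines (Subject, then New Logon).
# Anchoring on "New Logon:" skips the Subject block, which is usually the
# machine account or "-" rather than the user who connected.
$LogonPattern = '(?s)New Logon:.*?Account Name:[ \t]*(?<user>[^\r\n]*).*?Account Domain:[ \t]*(?<domain>[^\r\n]*)'

function Get-LogonAccount {            # hypothetical helper name
    param([string]$Message)
    if ($Message -match $LogonPattern) {
        '{0}\{1}' -f $Matches['domain'].Trim(), $Matches['user'].Trim()
    }
}

function Get-UserLogon {               # hypothetical helper name
    param([string]$Account, [int]$Newest = 1000)
    # Same shape as the 2003 command, with UserName rebuilt from the message.
    Get-EventLog Security -Newest $Newest |
        Where-Object { $_.EventID -eq 4624 } |
        Select-Object TimeGenerated, EntryType, EventID,
            @{ Name = 'UserName'; Expression = { Get-LogonAccount $_.Message } } |
        Where-Object { $_.UserName -eq $Account } |
        Group-Object TimeGenerated, UserName
}

# Constructed sample message so the parser can be checked offline.
$sample = @'
An account was successfully logged on.

Subject:
	Security ID:		SYSTEM
	Account Name:		WEB01$
	Account Domain:		EXAMPLE
	Logon ID:		0x3e7

Logon Type:			10

New Logon:
	Security ID:		EXAMPLE\jdoe
	Account Name:		jdoe
	Account Domain:		EXAMPLE
	Logon ID:		0x1a2b3c
'@

Get-LogonAccount $sample
```

On a 2008 server, run `Get-UserLogon 'Domain\UserName'` from an elevated prompt, since reading the Security log requires administrative rights.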
