
How to use PowerShell to parse the security log on 2008 to output User names.

I've got several web servers that at times I need to know dates and times that a specific user, or handful of users were connected.  I easily do this by running the following PowerShell command on the specific web servers:

get-eventlog security -newest 1000 | select-object TimeGenerated,EntryType,EventID,UserName | where-object {$_.UserName -eq "Domain\UserName"} | group-object TimeGenerated,Username

The problem is, this only works on Windows 2003, and for the life of me, I can't figure out what properties I need to pull to get the same information on my 2008 servers.

Any assistance you can provide would be greatly appreciated.

1 Solution
I think your problem is that they (for whatever reason) moved the user name to the actual message. IIRC, it is no longer the event user.

I suppose your best bet is RegEx'ing the message field.
sermanre (Author) commented:
That was the same conclusion I had come up with. :( I guess it's time to figure out how to use RegEx.  I'll leave this open for a few days just in case someone else comes up with an alternative.

Question has a verified solution.
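
One way to do the message parsing suggested in the answer, as an added example that is not part of the original thread. It assumes the events of interest are successful logons (event ID 4624 on Server 2008); `Get-LogonAccount`, the sample message and the `EXAMPLE\jdoe` account are constructed for illustration.

```powershell
# Added example, not from the thread. Assumes logon events (ID 4624), whose
# Message has a "New Logon:" block with "Account Name:" / "Account Domain:".
function Get-LogonAccount {
    param([string]$Message)
    # Start at "New Logon:" so the earlier "Subject:" block (the account that
    # requested the logon, often the machine account) is not matched.
    $pattern = '(?s)New Logon:.*?Account Name:[ \t]*(?<name>[^\r\n]*)' +
               '.*?Account Domain:[ \t]*(?<domain>[^\r\n]*)'
    if ($Message -match $pattern) {
        '{0}\{1}' -f $Matches['domain'].Trim(), $Matches['name'].Trim()
    }
    # No match (some other event type): emit nothing, so the filter drops it.
}

# Constructed sample message, cut down to the fields the pattern reads.
$sample = @'
An account was successfully logged on.

Subject:
    Account Name:       WEB01$
    Account Domain:     EXAMPLE

New Logon:
    Account Name:       jdoe
    Account Domain:     EXAMPLE
'@

# Constructed stand-in for Get-EventLog output. On the server, use instead:
#   $events = Get-EventLog Security -Newest 1000 -InstanceId 4624
$events = @(New-Object PSObject -Property @{
    TimeGenerated = [datetime]'2010-01-15 09:30:00'
    EntryType     = 'SuccessAudit'
    EventID       = 4624
    Message       = $sample
})

# Same pipeline as the 2003 command, with UserName computed from Message.
$events |
    Select-Object TimeGenerated, EntryType, EventID,
        @{ Name = 'UserName'; Expression = { Get-LogonAccount $_.Message } } |
    Where-Object { $_.UserName -eq 'EXAMPLE\jdoe' } |
    Group-Object TimeGenerated, UserName
```

Reading the Security log with `Get-EventLog` requires an elevated PowerShell prompt.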
