LogParser - Audit User Logons

Hello...

I would like to parse the security logs of our domain controllers {2003} and generate daily reports about success / failed login attempts. Gathering the needed log entries seems pretty straightforward... What I could use some help on is some of the other queries. To be more specific...
I would like to ...

- Parse a few domain controllers remotely from a central box and return logon events {success/failed} into a csv file at this point.
- Run a query to return Failed logins for the last 24 hours.
   - Count the number of times per user
   - Count the number of times per requesting location {ie user's machine}
- Run a query to return Successful logins for the last 24 hours.
   - Count the number of times per user
   - Count the number of times per requesting location {ie user's machine}
- Generate an html report with results of prior queries.   I would really be looking for the top 10/25 results for success and failed at this point.

In the end I would like to build an automatic process that does this on a daily basis and then presents the pages to IIS for other folks to look at as needed.   I don't need a fully built process on this {although I wouldn't complain :) }  just some examples to get me started.    My experience with logparser is a bit thin but it looks very promising for what I need...
fertigjAsked:
DonNetwork AdministratorCommented:
This may be of use to you:

Log Parser Lizard GUI (free edition)
http://www.lizardl.com/PageHtml.aspx?lng=2&PageId=18&PageListItemId=17

DonNetwork AdministratorCommented:
Also did you bail on your other question ID:24347575 ?
fertigjAuthor Commented:
Nope... didn't bail on this question :) . I just thought it would be prudent to ask this as a different question. While looking at logparser I found that I can directly query Event logs. I looked at logparser quite a while back {2.0} and it was not able to query event logs {at least to my knowledge}. This is why I started with the idea to pull everything with EventCombMT and then parse. Short version is... I think I should be able to do everything I need with Logparser alone... but I am still looking for some examples to get this started. Once I figure out what I need I will make a note on the other question referring to this question. Hopefully it will help someone else :)

That said... I did install Log Parser Lizard and it was a good start for Logparser but I am still working/looking for the appropriate queries. I think I am going to pick up "Microsoft Log Parser Toolkit" this week... from there we will see.

fertigjAuthor Commented:
Along these lines...but something dealing with security events/logs/etc

Credit to SimonL-UK:
http://aspalliance.com/articleViewer.aspx?aId=1714&pId=-1
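
An added example, not part of the thread or of any linked article: a Log Parser 2.2 query file for the "failed logins in the last 24 hours, counted per user and per requesting machine" report described in the question. The host names DC01 and DC02, the file names and the Strings token positions are assumptions.

```sql
-- FailedLogons.sql (added example; DC01 and DC02 are placeholder host names)
-- Run from the central box:
--   logparser file:FailedLogons.sql -i:EVT -o:CSV
--
-- Event IDs 529-537 and 539 are the Windows Server 2003 logon-failure events
-- (538 is a logoff event and is excluded).
-- Domain-account failures validated by a DC are also logged as 675 (Kerberos
-- pre-authentication failed) and 680 (NTLM); their Strings layout differs,
-- so they are left out of this query.
--
-- Assumption: in the 529-family events the pipe-delimited Strings field holds
-- the user name at token 0, the domain at token 1 and the workstation name at
-- token 5. Inspect one raw event from your own DCs before relying on this.
SELECT TOP 25
    EXTRACT_TOKEN(Strings, 1, '|') AS Domain,
    EXTRACT_TOKEN(Strings, 0, '|') AS UserName,
    EXTRACT_TOKEN(Strings, 5, '|') AS Workstation,
    COUNT(*) AS Failures
INTO FailedLogons.csv
FROM \\DC01\Security, \\DC02\Security
WHERE ((EventID BETWEEN 529 AND 537) OR EventID = 539)
  -- TimeGenerated is local time; TIMESTAMP('0000-01-02') is a one-day interval
  AND TimeGenerated > SUB(TO_LOCALTIME(SYSTEM_TIMESTAMP()),
                          TIMESTAMP('0000-01-02', 'yyyy-MM-dd'))
GROUP BY Domain, UserName, Workstation
ORDER BY Failures DESC
```

Dropping Workstation from the SELECT and GROUP BY gives the per-user count, and dropping Domain and UserName gives the per-machine count. The successful-logon report uses the same shape with event IDs 528 and 540, whose Strings token positions differ and need the same check against a raw event.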
