extract logon/logoff from Windows 2008 event logs

Hello,

Windows Server 2008 64-bit.

I'm looking for a way to parse logon/logoff activity for a specific user from the logon server's evtx files. I've checked out several snipets of batch and VBS files but have not been able to get them to work with evtx files.

Thanks,

Geoff
geoffdavisAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
VoloxConnect With a Mentor Commented:
There is the LogParser that MS makes available...
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

It not only will parse logs and let you search through them, it will allow you to do it for multiple source machines at the same time - so if you have multiple domain controllers, you can search the logs of all of them to find the entry you are looking for.

Check out the pre-built queries that are included (or at least they used to be included) that will help get you started.
0
 
VoloxCommented:
I think that raneeshcr gave a link to a valid thread and without feedback I have no reason to believe that my answer did not provide a viable solution.  I suggest a split of points between the two of us that responded to this questino.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.