Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1247
  • Last Modified:

Powershell command to extract security log events

I'm trying to write a powershell script that will extract info from the security logs of event type 4728 and 4729. The script is ok, but the message field includes the entire message field.
What I am interested are just these parts: the heading, subject account name, member account name, group name.
So, it would look like this:
A member was added to a security-enabled global group.
Account Name:      Admin.
Account Name:      CN=username,OU=Users,DC=domain,DC=com
Group Name: Administrators
 
Any help appreciated.


Get-EventLog "Security"| Where-Object {$_.EventID -eq 4728 -or $_.EventID -eq 4729} | Select TimeGenerated, message | export-csv c:\test.csv

Open in new window

0
sherryfitzgroup
Asked:
sherryfitzgroup
2 Solutions
 
Dale HarrisProfessional Services EngineerCommented:
I haven't got the working script for this yet, but your starting point is using Select-String.

So output all of your info to a text file in a big block of info.  Then go through and do a Select String on your exported events that you care about.

Here's how you it would look once you had the text file in one big block:

get-content "BigFile.txt" | Select-string "Account","Group Name"

This would output every single Account line and Group Name line.

HTH,

Dale Harris
0
 
x-menIT super heroCommented:
you'll have to "work" the .substring()
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now