Scripting Blog [archived]

How Can I Retrieve Just Audit Failures, Warnings, and Errors from My Event Logs?

September 13, 2005 Sep 13, 2005 09/13/05

ScriptingGuy1

(image) Hey, Scripting Guy! How can I retrieve just audit failures, warnings, and errors from my event logs?-- OG(image) (image) (image) Hey, OG. You know, just for the heck of it, we decided to check the event logs on one of our computers to see whether this was a task worth doing. In the Security event log on this machine we had 42,815 ...

How Can I Retrieve Information From My Event Logs Regarding Unsuccessful Logons?

January 26, 2005 Jan 26, 2005 01/26/05

ScriptingGuy1

(image) Hey, Scripting Guy! How can I scan the event logs of my servers and return only information about unsuccessful logons?-- LC(image) (image) (image) Hey, LC. We’ll assume that you have enabled security auditing on your servers. If you haven’t, that’s step one. What you’ll want to do is - at a minimum - audit for logon event ...

How Can I Return Only the Last Record Written to an Event Log?

January 4, 2005 Jan 4, 2005 01/4/05

ScriptingGuy1

(image) Hey, Scripting Guy! How can I read only the last record written to an event log? In other words, what is the WMI equivalent to the SQL statement Select Top 1?-- KM(image) (image) (image) Hey, KM. Well, as it turns out WMI doesn’t have an equivalent to the Select Top command; for better or worse, the WMI Query Language (WQL) has ...

Hey, Scripting Guy! Can I Retrieve Just Failure Events from the Security Event Log?

October 26, 2004 Oct 26, 2004 10/26/04

ScriptingGuy1

(image) Hey, Scripting Guy! Is there a way to retrieve just Failure Audit events from the Security event log?-- KA(image) (image) (image) Hey, KA. Interesting, isn’t it: any time the subject is failure, people turn to the Scripting Guys. What makes you think we know anything about failure? Ok, you’re right: silly question. As far as ...