Need Help to extract information from Windows Security Event log

Hi Everyone,
My challenge is to create a script that queries the Security event log for event id 4624 , logon type 2 and 10, then export the result to file, hopefully tab limited.
I need the time - date - User Account - Workstation - IP address - Logon Type.
I have had a go, checking out other advice from other questions, but i'm just not getting what I want.
Kind regards,
Andrew

A good point to start is get-eventlog with where clauses.
For example:
get-eventlog -log security  | where {$_.eventID -eq 4624}
So you want to get the entire security log, and then filter it client side? (Some of these logs can be massive).
I would recommend Get-WinEvent with -FilterHashTable (Filter on the left) which will filter against the log directly.
http://blogs.technet.com/b/heyscriptingguy/archive/2011/01/24/use-powershell-cmdlet-to-filter-event-log-for-easy-parsing.aspx
You might have admin rights issues accessing the security logs.
You're right - my answer was only a first step to try "get-command *event" and eventually get-help.....

Similar Messages

  • How to extract information from client security certificates and display it

    Hi guys,
    just wanted to know is it possible to extract information from an digital security certificate and get that displayed on top level navigation of the portal. So for ex. I want to extract the clients name and code and area from where they come from to be displayed on top level.
    thanks
    anton

    RoopeshV wrote:
    Hi,
    The below code shows how to read from txt file and display in the perticular fields.
    Why have you used waveform?
    Regards,
    Roopesh
    There are so many things wrong with this VI, I'm not even sure where to start.
    Hard-coding paths that point to your user folder on the block diagram. What if somebody else tries to run it? They'll get an error. What if somebody tries to run this on Windows 7? They'll get an error. What if somebody tries to run this on a Mac or Linux? They'll get an error.
    Not using Read From Spreadsheet File.
    Use of local variables to populate an array.
    Cannot insert values into an empty array.
    What if there's a line missing from the text file? Now your data will not line up. Your case structure does handle this.
    Also, how does this answer the poster's question?

  • Need help in extracting value from an xml tag.

    Hi ALL,
    Good Morning to all, i have problem in fetching a value from a xml tag. I have created a xml schema based on the schema i have created a xmltype table and inserted a value to the table. When i am trying to fetch a value from a particular tag i am unable to do so.. Kindly help me to solve this. Here by i am posting all the workings i have done...
    I am using the following client:
    SQL*Plus: Release 10.2.0.1.0 - Production on Mon Jan 31 11:44:59 2011
    Copyright (c) 1982, 2005, Oracle. All rights reserved.
    Connected to:
    Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
    With the Partitioning, OLAP and Data Mining options
    ////////////////////////////////// XML Schema ///////////////////////
    begin
    dbms_xmlschema.registerSchema(
    'http://www.oradev.com/chipsxml.xsd',
    '<schema xmlns="http://www.w3.org/2001/XMLSchema"
    targetNamespace="http://www.oradev.com/chipsxml.xsd"
    xmlns:samp="http://www.oradev.com/chipsxml.xsd"
    version="1.0">
    <element name="Field1">
    <complexType>
    <sequence>
         <element name="UTI">
              <complexType>
              <sequence>
              <element name = "U01" type = "string"/>
              <element name = "U02" type = "string"/>
              <element name = "U03" type = "string"/>
              <element name = "U03a" type = "string"/>
              <element name = "U03b" type = "string"/>          
              <element name = "U03c" type = "string"/>          
              <element name = "U04" type = "string"/>                    
              <element name = "U05" type = "string"/>                    
              </sequence>
              </complexType>
         </element>
    </sequence>
    </complexType>
    </element>
    </schema>',
    TRUE, TRUE, FALSE, FALSE);
    end;
    ////////////////////////// Table which has multiple Column //////////////////////////
    CREATE TABLE chipsxmltable1 (
    id number, XMLDATA XmlType)
    XMLTYPE XMLDATA STORE AS OBJECT RELATIONAL
    XMLSCHEMA "http://www.oradev.com/chipsxml.xsd"
    ELEMENT "Field1";
    ///////////////////////////////// Insert Query in chipsxmltable //////////////////////////
    INSERT INTO chipsxmltable VALUES(
    xmltype.createxml('<?xml version="1.0"?>
    <samp:Field1 xmlns:samp="http://www.oradev.com/chipsxml.xsd" >
    <UTI>
    <U01>No</U01>
    <U02>Y</U02>
    <U03>Y</U03>
    <U03a>Y</U03a>
    <U03b>Y</U03b>
    <U03c>Y</U03c>     
    <U04>Y</U04>
    <U05>Y</U05>          
    </UTI>
    </samp:Field1>'));
    To show the data as a field with structure:
    1. Query:
    Select * from chipsxmltable1;
    Output:
    ID XMLDATA
    1 <?xml version="1.0"?>
    <samp:Field1 xmlns:samp="http://www.oradev.com/chipsxml.xsd">
    <UTI>
    <U01>No</U01>
    <U02>No</U02>
    <U03>Y</U03>
    <U03a>Y</U03a>
    <U03b>Y</U03b>
    <U03c>Y</U03c>
    <U04>Y</U04>
    <U05>Y</U05>
    </UTI>
    </samp:Field1>
    2. Query: (Both the query displays the same Output)
         SELECT X.xmldata.getClobVal() "XMLDATA" FROM chipsxmltable1 X;
         select extract(XMLDATA, '/Field1').getstringval() "XMLDATA" from chipsxmltable1 x;
    Output:
    XMLDATA
    <?xml version="1.0"?>
    <samp:Field1 xmlns:samp="http://www.oradev.com/chipsxml.xsd">
    <UTI>
    <U01>No</U01>
    <U02>No</U02>
    <U03>Y</U03>
    <U03a>Y</U03a>
    <U03b>Y</U03b>
    <U03c>Y</U03c>
    <U04>Y</U04>
    <U05>Y</U05>
    </UTI>
    </samp:Field1>
    To show the data as a single string without structure using "getstringval()":
    3. Query
         select extract(XMLDATA, '//text()').getstringval() "CHIPS - XML" from chipsxmltable1 x;
    OUtput:
    CHIPS - XML
    NoNoYYYYYY
    To show the data as a single string without structure using "getclobval()":
    4.Query
         select extract(XMLDATA, '//text()').getClobVal() "CHIPS - XML" from chipsxmltable1 x;
    Output:
    CHIPS - XML
    NoNoYYYYYY
    To show the data in a particular tag with/Without structure (Which is not working) using "EXTRACT" function:
    6.Query:
         select extract(XMLDATA, '/Field1/text()').getstringval() "XMLDATA" from chipsxmltable1 x;
         select extract(XMLDATA, '/Field1/UTI').getstringval() "XMLDATA" from chipsxmltable1 x;
         select extract(XMLDATA, '/Field1/UTI/U01').getstringval() "XMLDATA" from chipsxmltable1 x;
         select extract(XMLDATA, '/Field1/UTI/U01/text()').getstringval() "XMLDATA" from chipsxmltable1 x;
    Output:
    CHIPS - XML
    The above queries are not fetching the value.
    To show the data in a particular tag with/Without structure (Which is not working) using "EXTRACTVALUE" function:
    7. Query:
         select extractValue(XMLDATA, '/Field1/UTI') "XMLDATA" from chipsxmltable1 x;
         select extractValue(XMLDATA, '/Field1/UTI/U01') "XMLDATA" from chipsxmltable1 x;
    Output:
    X
    The above queries are not fetching the value.
    My question is:
    How to fetch values from xml tag when the value are inserted through xml schema?
    Apologies if the description is not clear. Kindly let me know if further details are needed. Many thanks for your help.
    Very best regards,
    Godwin Jebakumar C.V.

    Hi,
    You need to declare the namespace of each element used in the XPath expression, like this :
    SQL> select extractvalue( XMLDATA
      2                     , '/samp:Field1/UTI/U01'
      3                     , 'xmlns:samp="http://www.oradev.com/chipsxml.xsd"' ) "XMLDATA"
      4  from chipsxmltable1 x
      5  ;
    XMLDATA
    No
    SQL> select extract( XMLDATA
      2                , '/samp:Field1/UTI'
      3                , 'xmlns:samp="http://www.oradev.com/chipsxml.xsd"'
      4                ).getstringval() "XMLDATA"
      5  from chipsxmltable1 x
      6  ;
    XMLDATA
    <UTI>
      <U01>No</U01>
      <U02>Y</U02>
      <U03>Y</U03>
      <U03a>Y</U03a>
      <U03b>Y</U03b>
      <U03c>Y</U03c>
      <U04>Y</U04>
      <U05>Y</U05>
    </UTI>
    Please see EXTRACT and EXTRACTVALUE documentation :
    http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/functions051.htm#i1006712
    http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/functions052.htm#SQLRF06173
    BTW, "XMLDATA" is a pseudo-column used by Oracle. I don't know if it'll ever cause any conflict but maybe you should rename your column.
    http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/pseudocolumns010.htm#SQLRF00256
    Regards.

  • Need Help To Extract Logo from Flash File .swf

    I have an attached Flash file that is in
    .swf format. There is a N64 logo within this file that I'm
    trying to extract as a
    .png with a transparent background. I've been able to open
    it in a program called
    Flash Decompiler Trillix and in the sub-menus it has the
    logo listed as a frame.
    This is about as far as I have gotten and I'm stuck. Perhaps
    someone else knows how to do this a little easier. I just need to
    find a way to extra the logo that already has a transparent
    background and save it in
    .png format.
    Any help here would be hot." ;)
    Logo Flash
    File .swf

    Hello,
    I ran into a similar problem a few months ago. I have the
    Sothink Flash Decompiler and what I did was turn the SWF back into
    a FLA. I then opened it in Flash and then exported what I wanted as
    a PNG image.
    Decompilers can extract the actual image whether it be jpeg,
    gif, png, etc. But when it's listed as a frame(as you mentioned
    above) then the method above is probably the best way to get it.
    Good luck

  • Need Help Restoring Snow Leopard from Windows 7

    Hello, My Kid Cousin Installed Windows 7 On My mac and formated/deleted everything from the hdd. Luckily i still have my timemachine backups on a external hdd. I was wondering how do i go about reinstalling Snow Leapord on My Mac Pro? I'm running Windows 7 on it now. Thank You

    Insert the Snow Leopard install DVD into the DVD drive and reboot the system. Hold down the c key or the Option key and then select the DVD disc as the startup option or with the C key it should boot to the DVD Snow Leopard Install disc. Repartition the drive using Disk Utility as One partition with a format of Mac Extended (Journlaed) with a partition table of GUID and name the drive Macintosh HD. Then click Apply. After that is done exit DU and select Retore from Time Machine Backup (Have the TM drive connected before you Reboot the system) after a period of time SL and all your stuff will be restored.

  • I need HELP converting my iPod from Windows to Mac

    Anyone know how to do it??? Can I rip my music from my Windows iPod onto my Mac before reformatting my iPod to Mac?

    To format an iPod to a different OS tpye, all you ned to do is restore the iPod in iTunes : Restoring your iPod to factroy settings
    If your iPod is in Windows format, you can connect and sync it on a Mac computer, but you can't update the iPod's firmware unless it is formatted to a Mac, though.
    Can I rip my music from my Windows iPod onto my Mac before reformatting my iPod to Mac?
    Yes, you can.
    Senuti is a free third-party utility that transfers your iPod songs to your computer (it's Mac-compatible).
    -Kylene

  • Need Help in Extracting result from Oracle BI 11g to Exter apps.

    Hi,
    The Web Services Bridge invoker which used to work on 10g doesn't work on 11g anymore.
    what happens is - my Bridge servlet successfully processes all static content (.js, .gif)
    but when it gets to http://10.180.82.65:9704/analytics/saw.dll?ajaxGo
    didn't process further. so it gives SEARCHING Image only.
    If I copy that http://10.180.82.65:9704/analytics/saw.dll?ajaxGo into a browser I get login screen and after login, some script chunk but at least it gets downloaded.
    The Html Content appears through the webservice is as follows
    <noscript>To use Oracle BIEE, please enable javascript in your browser.</noscript><script type="text/javascript" src="/BI11Soap/BridgeServlet?RedirectURL=http%3a%2f%2f10.180.82.65%3a9704%2fanalytics%2fres%2fb_mozilla%2fbrowserdom.js"></script><script type="text/javascript">saw.doFrameBust(1);function sawC2U(s){return "/BI11Soap/BridgeServlet?RedirectURL=http%3a%2f%2f10.180.82.65%3a9704%2fanalytics%2fsaw.dll%3f__xyz__".replace("__xyz__",s);}function sawP2U(s){return "/BI11Soap/BridgeServlet?RedirectURL=http%3a%2f%2f10.180.82.65%3a9704%2fanalytics%2fsaw.dll%2f__xyz__".replace("__xyz__",s);}var sawEmptyHtm="/BI11Soap/BridgeServlet?RedirectURL=http%3a%2f%2f10.180.82.65%3a9704%2fanalytics%2fres%2fempty.htm";var obips_fmapId="KqIJCw";var obips_scid="6gaFMRf8xoFQgHgOvSAS";var obips_maxStylesheets=100;var g_LocaleInfo={sDateSeparator:"/",sTimeSeparator:":",sDecimalPoint:".",sThousandsSeparator:",",sAM:"AM",sPM:"PM",b24:false,sDateOrder:"mdy",nFDOW:6,nYearPadding:4,nMonthPadding:2,nDayPadding:2,nHourPadding:2,sListSeparator:",",sNegativeNumberTemplate:"-#"};var obips_seeded_res = [{p:"styleproperties.res",v:{exprs:{"dialogHelpPosition":"footer","shuttleButtonSpace":"false","shuttleButtonLabel":"true","shuttleTableCellSpace":"0"}}}];</script><script type="text/javascript" src="/BI11Soap/BridgeServlet?RedirectURL=http%3a%2f%2f10.180.82.65%3a9704%2fanalytics%2fres%2fb_mozilla%2fcommon%2fobips.ImportMeFirst.js"></script><script type="text/javascript" src="/BI11Soap/BridgeServlet?RedirectURL=http%3a%2f%2f10.180.82.65%3a9704%2fanalytics%2fres%2fb_mozilla%2fcommon.js"></script><script type="text/javascript" src="/BI11Soap/BridgeServlet?RedirectURL=http%3a%2f%2f10.180.82.65%3a9704%2fanalytics%2fres%2fb_mozilla%2fviewhelper.js"></script><script type="text/javascript" src="/BI11Soap/BridgeServlet?RedirectURL=http%3a%2f%2f10.180.82.65%3a9704%2fanalytics%2fres%2fb_mozilla%2fcommon%2fobips.JavaScriptExtensions.js"></script><script type="text/javascript" src="/BI11Soap/BridgeServlet?RedirectURL=http%3a%2f%2f10.180.82.65%3a9704%2fanalytics%2fres%2fb_mozilla%2fcommon%2fajax.js"></script><script type="text/javascript" src="/BI11Soap/BridgeServlet?RedirectURL=http%3a%2f%2f10.180.82.65%3a9704%2fanalytics%2fres%2fb_mozilla%2fcommon%2fondemandload.js"></script>
    <div id="reportID" Effective_reportID_ReportObj_ID="reportID_ReportObj" >
    <img class="SrchImg" border=0 src="/BI11Soap/BridgeServlet?RedirectURL=http%3a%2f%2f10.180.82.65%3a9704%2fanalytics%2fres%2fs_blafp%2fviews%2fsearching.gif"></div>
    <SCRIPT type="text/javascript">
         reportID_ReportObj = new saw.ondemandload.EmbededReport('reportID');
         var reportObject = reportID_ReportObj;
         reportObject.setSearchId('arouv2q8felcg8d8s00dk412de');
         reportObject.setAjaxGoUrl('/BI11Soap/BridgeServlet?RedirectURL=http%3a%2f%2f10.180.82.65%3a9704%2fanalytics%2fsaw.dll%3fajaxGo');
         reportObject.show();
    </SCRIPT>
    Any ideas ? Pls Reply ASAP
    Its urgent
    Thank a lot in Advance
    Edited by: user13351567 on Jul 17, 2011 11:18 PM

    I got the same error. But it is solved now. At least it is working now.
    What you have to do is to add some cookie value hardcoded with the request. This cookie value should be hardcoded before calling the OBIEE service.
    You can do this in following way (There must be some better way to do this).
    Write one servlet before calling the OBIEE service and add following to the servlet http response.
    Cookie cookie = new Cookie("ORA_COOKIE_NQID",sessionID);
    response.addCookie(cookie);
    After setting this call OBIEE service.
    It should work now.

  • Programatically extract information from PDF

    I am very green to Adobe/Java programming, so this is just a plausibility question not really a how to question.  Is it possible to take text from a PDF document that isn't a form?  I have heard about  database integration with forms  but what if the document doesn't have recoginzed fields?
    The department of labor has an online form that prints to PDF.  Much of the information that is typed there must be re-typed over and over again in communications with employers.  I'm wondering if we could take the information from the PDF and put it in a database to be merged in our office-created forms.
    Sorry if my question is totally out there and thanks for any help.

    I am scadoosh, but not iluvtofly.  The information is in the same place in the forms. I could send the form if that is helpful.  It is a form that we have to fill and submit online.  We were hoping we could implement a solution where we could either extract information from the form that has been "printed to pdf" or the opposite, where we would fill in a database and programmatically fill the form.
    When you say an Adobe LiveCycle product, what is that?  Is it software or hardware?  Would we have to purchase something in addition to Adobe Acrobat?  What do we need to implement such a solution?
    Are there Adobe people who design custom products?  Or could we get training somewhere on how to implement an Adobe LiveCycle solution.  If there are custom designers,  could they implement a solution so that if the government moved fields a little bit, we could adjust the LiveCycle solution to fit the new form.
    Thanks!

  • Extracting information from Microsoft Acces

    Hello
    I need help, how do I extract information from tables in a database of Microsoft Access to SAP BW?
    If there is a manual please will thank you.
    Nandirri

    Please check if your client have XI or PI consultant, discuss with them.
    Regards,
    Sushant

  • Extracting information from a table based on different criteria

    Post Author: shineysideup
    CA Forum: Formula
    Hi Folks
    I have a bit of a strange one here.
    I need to extract information from a single table based on different critera.
    Sounds simple enough but here's the tricky part.
    This table is a table that contains the build of a product. All the parts that are used to make the product and also the sub-parts that are used to make the primary product parts.
    Example:
    I have a part that is in the product and the part no is 1111. This part is actually part of another part that is part no 1112
    What I need to do is display part no 1111 with all of its details but then also show that it is also part of part no 1112.
    The way the table holds this information is as follows.
    Seq_No      Parent_Seq_No     Part_No
    The seq_no is item no that is given to the part number. If the part is a member of another part then there is also a parent_seq_no.
    Everything needs to tie back to the seq_no and the parent_seq no as the part itself can be used in a parent or it can be used on its own. This way you can actually have the same part appearing in the list several times but the seq_no will be different for each one. If the part can be used in two different sub-builds (with each part being used twice in each sub-build) and also on its own once then you would have 5 different seq_nos two parent_seq_nos.
    What I need to do is to list all of the parts but then also when a part is part of a parent_seq_no I need to be able to display the parent seqno but also the part_no for that as the parent would also be listed as an individual item in the part list.
    At the moment listing the part_no, seq_no and parent_seq_no is easy but when I try to list the part_no for the parent I jsut keep getting the original sub part again. I can do this with a sub-report but with what I need to do with the data after listing the parts a sub-report is not an option for me.
    This make sense?
    Thanks

    Post Author: Charliy
    CA Forum: Formula
    As long as the chain only goes one link deep, you should be able to Alias the table and link it (left outer)  from the child part to the parent part.  Then build a Detail B (or Group Footer if that's where you're printing) and conditionally suppress is if there is no "Parent Part".

  • How to design plug-in which extract information from file opened in illustrator

    Hi Everyone,
    I want to design a plug-in in adobe illustrator which could extract information from pdf file which is opened in illustrator.
    Can anyone give me direction from where could I start.??
    Thanks in advance.

    This is very difficult in any API because there are no tables in PDF.
    If the table is at a known exact location you would extract text from each known cell location
    If you have to discover tables you need to decide how to recognise them: perhaps by looking for drawn lines and analysing their relationship to see if they form a grid; then use the positions derived to get the text from the table.

  • How do I extract pages from a Secured PDF file

    How do I extract pages from a Secured PDF file?

    Adobe would call that hacking, and don't allow discussion of it in this forum. You should contact the copyright holder and see if they are prepared to release the password, or an unsecured document, to you. If it's something made for you like a bank statement you should tell the bank how inconvenient their choices are.

  • I need help to transfer CS4 from a dead G5 to a new Macbook Pro. Can't find my program discs but purchased CS4 in 2008 and have record of it.

    I need help to transfer CS4 from a dead G5 to a new Macbook Pro. Can't find my program discs but purchased CS4 in 2008 and have record of it.

    Sounds like you got it installed and activated. Don't forget your updates.
    Adobe - Photoshop : For Macintosh
    Gene

  • Need help I can't install windows 7 to my SATA HD

    need help I can't install windows 7 to my SATA hard drive, when it gets to the part of selecting a drive partition to install windows it tells me my hardware does not support booting to this disk check that the disk's controller is enabled in the bios settings, I can't find any AHCI mode to switch to and RAID also did not solve my problem, bios version 786F1 v01.04

    Hi,
    You might get better assistance on the HP Enterprise Business Forum since you have a business class PC.
    HP DV9700, t9300, Nvidia 8600, 4GB, Crucial C300 128GB SSD
    HP Photosmart Premium C309G, HP Photosmart 6520
    HP Touchpad, HP Chromebook 11
    Custom i7-4770k,Z-87, 8GB, Vertex 3 SSD, Samsung EVO SSD, Corsair HX650,GTX 760
    Custom i7-4790k,Z-97, 16GB, Vertex 3 SSD, Plextor M.2 SSD, Samsung EVO SSD, Corsair HX650, GTX 660TI
    Windows 7/8 UEFI/Legacy mode, MBR/GPT

  • I need help to create  idoc from scrach.

    i need help to create  idoc from scrach.

    Swamy Katta,
    Please read "[the rules|https://www.sdn.sap.com/irj/sdn/wiki?path=/display/home/rulesofEngagement]" before you post any further, and confirm that you have read them?
    => Search first, ask questions later please!
    Julius

Maybe you are looking for