Previous Next

• 08-08-2008, 9:27 AM

  mtndwaddict Joined on 08-08-2008, 1:24 PM Posts 2 mtndwaddict

  LogParser 2.2 - Capturing IAS logs with username and date Reply Contact Hello, I am fairly new to LogParser, infact really new.  I am trying to pull out information from the System events using the IAS source.  I have used the statement: logparser "SELECT * FROM C:\ias.evt WHERE EventTypeName='Warning event' AND SourceName='IAS'" -i:EVT I was using that to pull information straight from the IAS Source, but now I want to know if and how I can pull out where username=blah and date is between 07/01/08 and 07/05/08.  Any help is gladly appreciated! Thanks!

• 08-08-2008, 3:08 PM

  In reply to

  joelangley Joined on 07-20-2008, 2:37 PM Posts 82 joelangley	Re: LogParser 2.2 - Capturing IAS logs with username and date Reply Contact Try this...mod the date range and UserName logparser "SELECT * FROM C:\ias.evt WHERE EventTypeName='Warning event' AND SourceName='IAS' AND TimeGenerated > '2008-08-01 00:00:01' AND TimeGenerated < '2008-08-10 00:00:01' AND SID LIKE '%UserName%'" -i:EVT -resolveSIDs:ON

• 08-09-2008, 5:51 PM

  In reply to

  mtndwaddict Joined on 08-08-2008, 1:24 PM Posts 2 mtndwaddict	Re: LogParser 2.2 - Capturing IAS logs with username and date Reply Contact Thanks for the response joelangley!  I actually did somewhat close to what you suggested.  I saved it as a .sql file and I reference to run the file in a batch file I created to automate the whole process.  It works like a dream!!!  Thanks a lot for the info! -mtndwaddict

• 08-10-2008, 4:58 PM

  In reply to

  joelangley Joined on 07-20-2008, 2:37 PM Posts 82 joelangley	Re: LogParser 2.2 - Capturing IAS logs with username and date Reply Contact No problem, happy to help.