-
Posted to
Input Formats
by
DirtySanchez
on
04-10-2009, 1:24 PM
Curious if anyone would know the the correct syntax for the below statement to show all event id's. The way I've written it below it only shows 540 (logon's), is there way for me to use the below code to show ALL event ID's?
"select
date,time,evtid,status,username,ip from
\\myserver\logs\logfile.csv where ip is not
null ...
-
Posted to
Input Formats
by
DirtySanchez
on
04-10-2009, 12:33 PM
Thanks for your reply, you are truely wise and all knowing and you have shown me the light. Thanks again for sharing your infinite wisdom and experience, I feel much smarter now and will utilize what I've taken in from your reply with me for seconds to come. One thing I didn't understand, perhaps you could answer, you ...
-
Posted to
Input Formats
by
DirtySanchez
on
04-09-2009, 7:22 PM
What the point? Absolutely worthless.
-
Posted to
Input Formats
by
DirtySanchez
on
04-08-2009, 4:05 PM
118 views total, wow completely unbelievable not one response yet? Is the question not understood? Is it beyond the technical know-how of this site? What's the point in a technical forum if there is little or no collaboration. It defeats the entire purpose.
-
Posted to
Input Formats
by
DirtySanchez
on
04-07-2009, 3:21 PM
47 Views and not one response? WOW!
-
Posted to
Input Formats
by
DirtySanchez
on
04-06-2009, 6:01 PM
Hello,
I'd like to write my statement so that it parses through my entire log and searches user's that have multiple log-on's from different IP address's for that user. For example, my present log format is as such:
The output would be similiar to what you see below in the ...
-
Posted to
General Discussion
by
DirtySanchez
on
02-26-2009, 10:42 AM
Hello,
I'm curious if it might be possible to do this. I have some logs that I'm auditing, however I'd like to show the "description" field from the user's AD account so that I can get a better idea as to what that user/computer function is. This would make for easier reading ...
-
Posted to
General Discussion
by
DirtySanchez
on
02-23-2009, 6:46 PM
that was the reason of my initial post, feed back is not provided for the most part that i've noticed on here when you post a question. look at the views to answered ratio.
-
Posted to
General Discussion
by
DirtySanchez
on
02-23-2009, 4:08 PM
so basically just writing it as such:
logparser -i:CSV "SELECT user, date, time, dc, computername FROM c:\LOGS\myfile.csv WHERE TO_INT(to_time(time)) BETWEEN 0 and 17999
The 0 and the 17999 do not need to rest inbetween ""
Also in the (to_time(time)) should I enter values there or just keep it like you ...
-
Posted to
General Discussion
by
DirtySanchez
on
02-23-2009, 2:26 PM
Hello,
I have some log files where I'd like to choose a WHERE clause to see what user's have logged in between a set time. This is what I have so far: For example, lets say I wanted to show all users that had logged in between 00:00:00 (midnight) and 00.05:00 (5:00am).
logparser -i:CSV ...