http://forums.iis.net/search/SearchResults.aspx?o=DateDescending&tag=JScript+EventLogInputFormat+resolveSIDs&orTags=0Search results matching tag 'JScript EventLogInputFormat resolveSIDs'en-USCommunityServer 2007 SP1 (Build: 20510.895)http://forums.iis.net/p/1145050/1876127.aspx#1876127Thu, 07 Aug 2008 07:15:05 GMT50bcf3b4-f6fe-4638-adff-0c150e922e99:1876127cvengeleninput_formats-51<p>[quote user=&quot;Anonymous&quot;] <p>Regarding Jr&#39;s problem: try with &quot;oEVTInputFormat.resolveSIDs = True&quot;. When you say it doesn&#39;t work, what do you mean? Does CScript give you an error, or just you don&#39;t see SID&#39;s being resolved? <p>[/quote]</p> <p>I&#39;m using JScript to execute a query on Security event logs, and use the following lines to resolve the SID&#39;s (taken from the Log Parser Help file):</p> <p>//Create EventLog input format<br />var objEventLogInputFormat = new ActiveXObject( &quot;MSUtil.LogQuery.EventLogInputFormat&quot; );<br />// Resolve SIDs<br />objEventLogInputFormat.resolveSIDs = true;<br /></p> <p>However, this does not work, since the SID in my output is not resolved. I use the followinq query:</p> <p>SELECT RecordNumber, SourceName, TimeGenerated, SID, ComputerName, EXTRACT_TOKEN(Strings, 13, &#39;|&#39;) as SourceNetworkAddress, Message&nbsp; FROM R:\temp\LogQueryWorkDir\Security.2008-07-02-16-50-42.evt WHERE eventID = 528&nbsp; ORDER BY RecordNumber, TimeGenerated</p> <p>and the output , which I generate with the toNativeString method, still shows the SID unresolved I removed everything after the SID for safety):</p> <p>7, Security, 2008-07-02 10:16:22, S-1-5-21-2046926873-3586635073-1646930892-2756, ......</p> <p>Is this caused by using the&nbsp;&nbsp;toNativeString method?</p> <p>&nbsp;</p>