Access logs in Excel format

Obtain an Exce-readable, comma-delimited security logon/logoff/lockout log file (.csv) of a server.

This tip was submitted to the SearchWin2000.com Tip Exchange by member Todd Plesco. Let other users know how useful...

it is by rating the tip below.


Obtain an Excel-readable, comma-delimited security logon/logoff/lockout log file (.csv) of a server in your domain. Using the Resource Kit's dumpel.exe utility, you can create a file called stats.csv, then optionally convert the three digit access codes using FR.EXE (i.e. File Search/Replace Version 1.4 by Tony Provalov, built Dec. 16, 1999) to decipher the three digits to text of logon/logoff/badpasswords.

From command line, type:

{pdcservername}c$winntsystem32dumpel -f stats.csv 
     -s {servername} -l security -d 1 -format uIdt -c
From the command line, then run this code as a batch file:
@echo off
fr stats.csv "528" "console user logon    " stats1.csv
fr stats1.csv "538" "console user logoff   " stats.csv
fr stats.csv "540" "network user logon    " stats1.csv
fr stats1.csv "673" "service ticket granted" stats.csv
fr stats.csv "681" "network logon FAILURE " stats1.csv
fr stats1.csv "539" "account LOCKED OUT    " stats.csv
fr stats.csv "529" "BAD PASSWORD to log in" stats1.csv
fr stats1.csv "680" "account used to log in" stats.csv


This was first published in February 2002

Dig Deeper

PRO+

Content

Find more PRO+ content and other member only offers, here.

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close