Access logs in Excel format

This tip was submitted to the SearchWin2000.com Tip Exchange by member Todd Plesco. Let other users know how useful it is by rating the tip below.

Obtain an Excel-readable, comma-delimited security logon/logoff/lockout log file (.csv) of a server in your domain. Using the Resource Kit's dumpel.exe utility, you can create a file called stats.csv, then optionally convert the three digit access codes using FR.EXE (i.e. File Search/Replace Version 1.4 by Tony Provalov, built Dec. 16, 1999) to decipher the three digits to text of logon/logoff/badpasswords.

From command line, type:

{pdcservername}c$winntsystem32dumpel -f stats.csv 
     -s {servername} -l security -d 1 -format uIdt -c
From the command line, then run this code as a batch file:
@echo off
fr stats.csv "528" "console user logon    " stats1.csv
fr stats1.csv "538" "console user logoff   " stats.csv
fr stats.csv "540" "network user logon    " stats1.csv
fr stats1.csv "673" "service ticket granted" stats.csv
fr stats.csv "681" "network logon FAILURE " stats1.csv
fr stats1.csv "539" "account LOCKED OUT    " stats.csv
fr stats.csv "529" "BAD PASSWORD to log in" stats1.csv
fr stats1.csv "680" "account used to log in" stats.csv


This was first published in February 2002

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top