Access logs in Excel format

Obtain an Exce-readable, comma-delimited security logon/logoff/lockout log file (.csv) of a server.

This tip was submitted to the Tip Exchange by member Todd Plesco. Let other users know how useful it is by rating the tip below.

Obtain an Excel-readable, comma-delimited security logon/logoff/lockout log file (.csv) of a server in your domain. Using the Resource Kit's dumpel.exe utility, you can create a file called stats.csv, then optionally convert the three digit access codes using FR.EXE (i.e. File Search/Replace Version 1.4 by Tony Provalov, built Dec. 16, 1999) to decipher the three digits to text of logon/logoff/badpasswords.

From command line, type:

{pdcservername}c$winntsystem32dumpel -f stats.csv 
     -s {servername} -l security -d 1 -format uIdt -c
From the command line, then run this code as a batch file:
@echo off
fr stats.csv "528" "console user logon    " stats1.csv
fr stats1.csv "538" "console user logoff   " stats.csv
fr stats.csv "540" "network user logon    " stats1.csv
fr stats1.csv "673" "service ticket granted" stats.csv
fr stats.csv "681" "network logon FAILURE " stats1.csv
fr stats1.csv "539" "account LOCKED OUT    " stats.csv
fr stats.csv "529" "BAD PASSWORD to log in" stats1.csv
fr stats1.csv "680" "account used to log in" stats.csv

This was last published in February 2002

Dig Deeper on Microsoft Office Suite



Find more PRO+ content and other member only offers, here.

Join the conversation


Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Great security script. Thank you.
That's a very nice example of creativity. Good old command line tools sometimes still beat fancy UI's!
Nice. How often we forget the command line tools.