Access logs in Excel format

Obtain an Exce-readable, comma-delimited security logon/logoff/lockout log file (.csv) of a server.

This tip was submitted to the SearchWin2000.com Tip Exchange by member Todd Plesco. Let other users know how useful it is by rating the tip below.


Obtain an Excel-readable, comma-delimited security logon/logoff/lockout log file (.csv) of a server in your domain. Using the Resource Kit's dumpel.exe utility, you can create a file called stats.csv, then optionally convert the three digit access codes using FR.EXE (i.e. File Search/Replace Version 1.4 by Tony Provalov, built Dec. 16, 1999) to decipher the three digits to text of logon/logoff/badpasswords.

From command line, type:

{pdcservername}c$winntsystem32dumpel -f stats.csv 
     -s {servername} -l security -d 1 -format uIdt -c
From the command line, then run this code as a batch file:
@echo off
fr stats.csv "528" "console user logon    " stats1.csv
fr stats1.csv "538" "console user logoff   " stats.csv
fr stats.csv "540" "network user logon    " stats1.csv
fr stats1.csv "673" "service ticket granted" stats.csv
fr stats.csv "681" "network logon FAILURE " stats1.csv
fr stats1.csv "539" "account LOCKED OUT    " stats.csv
fr stats.csv "529" "BAD PASSWORD to log in" stats1.csv
fr stats1.csv "680" "account used to log in" stats.csv


This was first published in February 2002

Dig deeper on Microsoft Office Suite

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close