Security Basics mailing list archives
RE: Windows User Logon Times
From: Dave Kleiman <dave () davekleiman com>
Date: Thu, 7 Jan 2010 11:22:47 -0600
If you have logging enabled, use LogParser (free from MS). ---------------logon.sql--------------- SELECT TimeGenerated AS TimeGenerated, TO_LOWERCASE(EXTRACT_TOKEN(Strings,13,'|')) AS SourceAddress, TO_LOWERCASE(EXTRACT_TOKEN(Strings,0,'|')) AS User, TO_LOWERCASE(EXTRACT_TOKEN(Strings,6,'|')) AS WorkStation, TO_LOWERCASE(EXTRACT_TOKEN(Strings,9,'|')) AS CallerDomain, INTO SecEvtLogon.csv FROM security WHERE (EventID IN (528; 538; 540)) GROUP BY User,SourceAddress,CallerDomain,WorkStation,TimeGenerated ORDER BY TimeGenerated ASC ---------------logon.sql--------------- At the prompt C:\>logparser file:logon.sql Respectfully, Dave Kleiman - http://www.ComputerForensicExaminer.com - http://www.DigitalForensicExpert.com 4371 Northlake Blvd #314 Palm Beach Gardens, FL 33410 561.310.8801 -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Steven Bonici Sent: Thursday, January 07, 2010 10:20 To: security-basics () securityfocus com Subject: Windows User Logon Times I did some searching, but I cannot seem to find an easy way of getting a list of a user logon times, not the most recent, but past. I need to try and produce some kind of report to get 1 particular user logon times. Can someone please help. Thanks - Steven ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Windows User Logon Times Steven Bonici (Jan 07)
- RE: Windows User Logon Times Dave Kleiman (Jan 07)
- Re: Windows User Logon Times Jeffrey Walton (Jan 07)
- Re: Windows User Logon Times Ali Asghar Toraby Parizy (Jan 07)
- Re: Windows User Logon Times securityalert1st (Jan 11)