tonyflora63

Hi Does anyone know how to list the security log file success and failure audits? I can list the system and application log files but can't get it to work for the security log file. Thanks <EDIT /> Actually I fiured it out myself. WMIC is not that well documented so you have to play with it to figure things out. Here is the way to list security events by filtering: :SECURITY LOG WMIC NTEVENT WHERE "Type='audit success' and LogFile='Security'" GET LogFile,Type,Message,TimeGenerated /FORMAT:hform > reports\Seclog.htm WMIC NTEVENT WHERE "Type='audit failure' and LogFile='Security'" GET LogFile,Type,Message,TimeGenerated /FORMAT:hform > reports\Seclog.htm You use the "Where" statement and the "Type" and "LogFile" properties to specify the search criteria. Below are some examples for the System and Application logs: :Application Log WMIC NTEVENT WHERE "LogFile='Application' and type='warning'" GET LogFile,Type, Message,TimeGenerated /FORMAT:hform > reports\AppLog.htm WMIC NTEVENT WHERE "LogFile='Application' and type='Error'" GET LogFile,Type, Message,TimeGenerated /FORMAT:hform > reports\AppLog.htm :System Log WMIC NTEVENT WHERE "LogFile='System' and type='warning'" GET LogFile,Type, Message,TimeGenerated /FORMAT:hform > reports\SysLog.htm WMIC NTEVENT WHERE "LogFile='System' and type='Error'" GET LogFile,Type, Message,TimeGenerated /FORMAT:hform > reports\SysLog.htm This could probably be accomplished beter with powershell but unfortunately my work environment is limited as far as powerhell use goes. Once we migrate over to Windows 7 powershell will be readily available. Until then this works for me. Hope this is helpful to someone out there. Regards, Tony