Stephen Ferrero StephenFerrero

## logparser.ps1
# Logparser


###############
# Security Log
###############

# Find Event id
& 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe' -stats:OFF -i:EVT "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'"

## powershell_eventlog_parsing.ps1
#Security log
#============
####
#4624 - Logon & Logoff events successful
#4625 - Logon unsucceful

####
# Get usernames
Get-WinEvent -path .\Security.evtx | Where {$_.id -eq "4624"} | Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").ItemOf(5)}| Select -ExpandProperty "#text" -Unique
# Get domains
	# Logparser


	###############
	# Security Log
	###############

	# Find Event id
	& 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe' -stats:OFF -i:EVT "SELECT * FROM 'Security.evtx' WHERE EventID = '5038'"
	#Security log
	#============
	####
	#4624 - Logon & Logoff events successful
	#4625 - Logon unsucceful

	####
	# Get usernames
	Get-WinEvent -path .\Security.evtx \| Where {$_.id -eq "4624"} \| Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").ItemOf(5)}\| Select -ExpandProperty "#text" -Unique
	# Get domains