Hi,
I have a Windows event that I want to search for in the event log using PowerShell. I've got the basics but can't find how to drill further into the details. This is what I have so far:
get-eventlog security | where{$_.eventid -eq 4624 -and $_.message -match "Logon Type:\s+3"}
The problem is in the event details I have the following:
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: test\administrator
Account Name: administrator
Account Domain: test
Logon ID: 0x318df67
Logon GUID: {0b843e34-532c-e4c2-9577-2ee19684f472}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name:
Source Network Address: 192.168.10.11
Source Port: 51446
How can I query for this information, as for example there are 2 instances of Security ID....
Thanks
James
Alter De Ruine
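
One way to address the question above, as an added example that is not part of the original post: read the named fields from the event's XML instead of matching the rendered message, since the two "Security ID" lines are separate fields there (SubjectUserSid and TargetUserSid). The function name ConvertTo-LogonRecord is hypothetical, and the sample XML is constructed from the values in the post, with a placeholder SID for the new logon.

```powershell
# Added example: pull named EventData fields out of a 4624 event.
#   Subject   \ Security ID -> SubjectUserSid
#   New Logon \ Security ID -> TargetUserSid
function ConvertTo-LogonRecord {            # hypothetical helper name
    param([Parameter(Mandatory)][xml]$EventXml)
    # Build a name -> value lookup from <Data Name="...">value</Data>
    $fields = @{}
    foreach ($d in $EventXml.Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'       # empty elements yield $null
    }
    [pscustomobject]@{
        EventId        = [int]$EventXml.Event.System.EventID
        LogonType      = [int]$fields['LogonType']
        SubjectUserSid = $fields['SubjectUserSid']
        TargetUserSid  = $fields['TargetUserSid']
        TargetUser     = '{0}\{1}' -f $fields['TargetDomainName'], $fields['TargetUserName']
        IpAddress      = $fields['IpAddress']
        IpPort         = $fields['IpPort']
    }
}

# Constructed sample in the shape returned by ToXml(); the target SID is a placeholder.
$sample = [xml]@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID></System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="SubjectUserName">-</Data>
    <Data Name="TargetUserSid">S-1-5-21-PLACEHOLDER-500</Data>
    <Data Name="TargetUserName">administrator</Data>
    <Data Name="TargetDomainName">test</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="WorkstationName"></Data>
    <Data Name="IpAddress">192.168.10.11</Data>
    <Data Name="IpPort">51446</Data>
  </EventData>
</Event>
'@

ConvertTo-LogonRecord $sample | Where-Object LogonType -eq 3 | Format-List

# Against the live Security log (elevated prompt required):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } |
#     ForEach-Object { ConvertTo-LogonRecord ([xml]$_.ToXml()) } |
#     Where-Object { $_.LogonType -eq 3 -and $_.TargetUser -eq 'test\administrator' }
```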