FREE: Zetetic.Events – Scan and filter event logs

• Author
• Recent Posts

Guest Author

If you want to write a guest post on 4sysops contact us.

Latest posts by Guest Author (see all)

• FREE: File Permissions Check – Compare folder and file permissions - Fri, Feb 20 2015
• FREE: ABC-Deploy – Software deployment and inventory - Wed, Apr 16 2014
• FREE: AD Permissions Reporter – View Active Directory permissions - Fri, Feb 7 2014

Submitted by Steve Kradel

It taps into the new 2008 / Windows 7 logging infrastructure when available, but will fall back to 2003 mode when necessary, and supports filtering on event IDs, and start and end dates, as well as text within the event message.

Zetetic.Events automatically discovers your environment's domain controllers, which makes it especially valuable for diagnosing login failures, account lockouts, and security audit events.

Here is an example:

ZeShell -e 4728-4758,after=19-July-2011
-----------------------------------------------------
Event ID:    4728
Level:       Information
Keywords:    Audit Success
Publisher:   Microsoft-Windows-Security-Auditing
Created:     7/20/2011 2:35:17 PM
Machine:     dc-1.demo.net
Log:         Security
Description: A member was added to a security-enabled global group.

Subject:
        Security ID:            S-1-5-21-950928700-2040260430-2032203972-500
        Account Name:           Administrator
        Account Domain:         DEMO
        Logon ID:               0x454d11

Member:
        Security ID:            S-1-5-21-950928700-2040260430-2032203972-187428
        Account Name:           CN=Uncle Fester,OU=ZetDemo,DC=demo,DC=net

Group:
        Security ID:            S-1-5-21-950928700-2040260430-2032203972-187514
        Group Name:             Global1
        Group Domain:           DEMO

Additional Information:
        Privileges:             -