How to access security event logs
Written by Lakshmi, IT security team, ManageEngine. Updated on November 2025.
IT administrators need to retrieve security events by type, filter them by their properties, and report the findings. This helps them stay on top of malicious activity and ensure that Active Directory is running as expected.
This article compares how IT administrators can get the list of security event logs using PowerShell and ADAudit Plus.
Windows PowerShell
Steps to obtain the list of security event logs.
- Identify the domain from which you want to retrieve the report.
- Identify the LDAP attributes you need to fetch the report.
- Identify the primary DC to retrieve the report.
- Compile the script.
- Execute it in Windows PowerShell.
Sample Windows PowerShell script
This will give the list of all the security logs
get-eventlog security -newest 50
This will give the list of the 50 most recent security event logs.
get-eventlog security -newest 100 |
where {$_.entrytype -eq "FailureAudit"}
This gives the failure audit entries among the 100 most recent security event logs.
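The steps above (retrieve by type, filter by property, report the findings) can be combined in one script. The following is an added example, not part of the original article or of any ManageEngine product: the function name `Get-FailedLogonReport`, its parameters, the 24-hour default window and the output file name are assumptions. It uses `Get-WinEvent` rather than `get-eventlog` and must run in an elevated session.

```powershell
# Added example: failed-logon report from the Security log (run elevated).
# Get-FailedLogonReport, its parameters and the output path are assumed names.
function Get-FailedLogonReport {
    param(
        [datetime]$Since = (Get-Date).AddHours(-24),
        [int]$MaxEvents = 100,
        [string]$ComputerName   # optional: a domain controller to query
    )

    # Filter in the event log service, not in the pipeline:
    # event ID 4625 is "An account failed to log on".
    $query = @{
        FilterHashtable = @{ LogName = 'Security'; Id = 4625; StartTime = $Since }
        MaxEvents       = $MaxEvents
        ErrorAction     = 'Stop'
    }
    if ($ComputerName) { $query.ComputerName = $ComputerName }

    try {
        $events = Get-WinEvent @query
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; treat as empty.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    foreach ($e in $events) {
        # Index the named <Data> fields of the event XML.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            TimeUtc    = $e.TimeCreated.ToUniversalTime().ToString('o')
            Computer   = $e.MachineName
            TargetUser = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType  = $data['LogonType']
            SourceIp   = $data['IpAddress']
            SubStatus  = $data['SubStatus']
        }
    }
}

$report = @(Get-FailedLogonReport -MaxEvents 100)
$report | Export-Csv -Path .\failed-logons.csv -NoTypeInformation -Encoding UTF8
$report | Group-Object TargetUser, SourceIp | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

Timestamps are written in UTC in ISO 8601 form so that reports from different domain controllers can be merged without time zone ambiguity.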
ADAudit Plus
To obtain the report:
- Log in to the ADAudit Plus web console as an administrator.
- Navigate to the Reports tab to view more than 20 different report categories on the left pane.
- Under each of these categories, you will find a multitude of reports arranged in a logical fashion.
- To view a particular report, just navigate to the report or use "/" to search for reports using keywords.
- For example, to view a report on logon failures, navigate to Reports -> User Logon Reports -> Logon Failures.
- You may use the Export As option to export the report in any of the preferred formats (CSV, PDF, HTML, CSVDE and XLSX).
The following are the limitations of obtaining a report of last logon on workstations using native tools like Windows PowerShell:
- The script can be executed only from computers that have the Active Directory Domain Services role.
- It's difficult to change date formats, and apply different time zones on the date results.
- In case you need to report the findings in a different file format, you'll have to write a different script.
- Applying more filters like OU or 'User name starts with' will increase the LDAP query complexity.
- It doesn't report the findings in an intuitive or interactive format. It only lists the information that is asked, and there is no option to navigate into finer details.
ADAudit Plus will generate the reports of your choice when you need them. You can run these reports by navigating to the right area within the solution. With a few clicks, you can see all the security log-related information you need along with intuitive graphs and charts.