How to access security event logs

IT administrators need to retrieve security events by type, filter them by properties, and report the findings. This enables them to stay on top of malicious activity and ensure that Active Directory is running as expected.

This article compares how IT administrators can get the list of security event logs using PowerShell and ADAudit Plus.

Windows PowerShell

Steps to obtain the list of security event logs:

  • Identify the domain from which you want to retrieve the report.
  • Identify the LDAP attributes you need to fetch the report.
  • Identify the primary DC to retrieve the report.
  • Compile the script.
  • Execute it in Windows PowerShell.

Sample Windows PowerShell script

Get-EventLog -LogName Security

This returns all entries in the Security log.

Get-EventLog -LogName Security -Newest 50

This returns the 50 most recent security event log entries.

Get-EventLog -LogName Security -Newest 100 |
  Where-Object { $_.EntryType -eq "FailureAudit" }

This returns the failure-audit entries among the 100 most recent security event log entries.
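The following is an added example, not part of the original article or of any ManageEngine product. It narrows the failure-audit query above to failed logons (event ID 4625, which the article does not mention), reads the event properties, and reports counts per account and source address as CSV. It uses Get-WinEvent because Get-EventLog exists only in Windows PowerShell 5.1 and earlier. The function names and the sample events are constructed for illustration.

```powershell
# Added example; function names and sample data are illustrative.
function Get-FailedLogonXml {
    param([int]$Hours = 24)
    # The filter is applied by the event log service, not in the pipeline.
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    try {
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop | ForEach-Object { $_.ToXml() }
    } catch {
        # An empty result is reported as an error; anything else (e.g. access denied) is rethrown.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
    }
}

function ConvertFrom-FailedLogonXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt  = ([xml]$EventXml).Event
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            # Normalize to UTC so reports from hosts in different time zones line up.
            TimeUtc   = ([datetime]$evt.System.TimeCreated.SystemTime).ToUniversalTime().ToString('u')
            User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType = $data['LogonType']
            SourceIp  = $data['IpAddress']
            Status    = $data['Status']
        }
    }
}

# Constructed sample events so the parsing can be tried without access to the Security log.
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="{0}"/></System>
  <EventData>
    <Data Name="TargetUserName">{1}</Data><Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="Status">0xc000006d</Data><Data Name="LogonType">3</Data>
    <Data Name="IpAddress">{2}</Data>
  </EventData>
</Event>
'@
$sample = @(
    $template -f '2024-01-15T09:30:00.000Z', 'jdoe', '192.0.2.10'
    $template -f '2024-01-15T09:30:05.000Z', 'jdoe', '192.0.2.10'
    $template -f '2024-01-15T09:31:00.000Z', 'asmith', '198.51.100.7'
)

# On a live host (elevated session), replace $sample with: Get-FailedLogonXml -Hours 24
$sample | ConvertFrom-FailedLogonXml |
    Group-Object User, SourceIp | Sort-Object Count -Descending |
    Select-Object Count, Name | ConvertTo-Csv -NoTypeInformation
```

Piping the result to Export-Csv instead of ConvertTo-Csv writes the same rows to a file.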


ADAudit Plus

To obtain the report:

  • Log in to the ADAudit Plus web console as an administrator.
  • Navigate to the Reports tab to view more than 20 different report categories on the left pane.
  • Under each of these categories, you will find a multitude of reports arranged in a logical fashion.
  • To view a particular report, just navigate to the report or use "/" to search for reports using keywords.
  • For example, to view a report on logon failures, navigate to Reports -> User Logon Reports -> Logon Failures.
  • You may use the Export As option to export the report in any of the preferred formats (CSV, PDF, HTML, CSVDE and XLSX).

The following are the limitations of obtaining a report of last logon on workstations using native tools like Windows PowerShell:

  • The script can be executed only from computers that have the Active Directory Domain Services role.
  • It's difficult to change date formats, and apply different time zones on the date results.
  • In case you need to report the findings in a different file format, you'll have to write a different script.
  • Applying more filters like OU or 'User name starts with' will increase the LDAP query complexity.
  • It doesn't report the findings in an intuitive or interactive format. It only lists the information that is asked, and there is no option to navigate into finer details.

ADAudit Plus will generate the reports of your choice when you need them. You can run these reports by navigating to the right area within the solution. With a few clicks, you can see all the security log-related information you need along with intuitive graphs and charts.

  • Avoid complex PowerShell scripting, and simplify AD change auditing with ADAudit Plus.