
How to access security event logs with PowerShell and ADAudit Plus

Get-EventLog is a PowerShell cmdlet used to retrieve event logs from a local or remote computer. It uses various parameters and property values to gather specific events. For example, the '-List' parameter, when added to the Get-EventLog cmdlet, displays the available logs as a list, and the '-ComputerName' parameter specifies which remote computer to gather logs from. With this method you have to specify multiple parameters to display the events you want, which is time-consuming.

ADAudit Plus gives you a comprehensive look at your event logs with just a few clicks. The comparison below explains the procedure for retrieving your security event logs using PowerShell and using ADAudit Plus. Apart from a variety of in-depth reports, you also have a powerful search function to identify specific events, making it easier to track down anomalous behavior.

Windows PowerShell

Steps to retrieve security events in Windows PowerShell

  • Use the Get-EventLog cmdlet to retrieve event logs. Its '-List' parameter, when specified, fetches the list of event logs available locally.
  • Define which log you want to retrieve; in this case, the Security log. Not specifying this parameter would get you all the log events from multiple logs.
  • Define the date and time frame for the logs.
  • Execute the script.

Code to retrieve security logs

# Retrieve Security log entries written in the last 24 hours
$date = (Get-Date).AddDays(-1)
Get-EventLog -LogName Security |
    Where-Object { $_.TimeWritten -gt $date } |
    Out-File C:\security.txt
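
The steps above, carried further as an added example (not code from the original page or from ManageEngine): it lists the available logs, filters the Security log by time window and event ID inside Get-EventLog, optionally queries remote hosts with -ComputerName, and exports the result to CSV. The function name, default event IDs and output path are assumptions chosen for illustration; it expects an elevated Windows PowerShell 5.1 session, since Get-EventLog is not available in PowerShell 6 and later.

```powershell
# Added example. Function name, defaults and output path are illustrative.
function Get-SecurityEventSummary {
    [CmdletBinding()]
    param(
        [string[]] $ComputerName = $env:COMPUTERNAME,
        [int]      $Hours        = 24,
        # 4624 = successful logon, 4625 = failed logon (chosen for illustration)
        [long[]]   $InstanceId   = @(4624, 4625),
        [string]   $OutFile      = "$env:TEMP\security-events.csv"
    )

    $after = (Get-Date).AddHours(-$Hours)

    $events = @(foreach ($computer in $ComputerName) {
        try {
            # -After and -InstanceId filter inside the cmdlet, so only the
            # matching entries come back instead of the whole Security log.
            Get-EventLog -LogName Security -ComputerName $computer `
                -After $after -InstanceId $InstanceId -ErrorAction Stop
        }
        catch {
            # Reached when nothing matches, the host is unreachable, or the
            # caller lacks the rights needed to read the Security log.
            Write-Warning "${computer}: $($_.Exception.Message)"
        }
    })

    if ($events.Count -eq 0) { return }

    # Keep the fields an analyst needs; CSV is easier to filter than the
    # formatted text that Out-File writes.
    $events |
        Select-Object MachineName, TimeGenerated, EventID, EntryType, Message |
        Export-Csv -Path $OutFile -NoTypeInformation

    # Per-host, per-event counts for a quick look at the time window.
    $events |
        Group-Object MachineName, EventID |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-EventLog -List                    # which logs exist on this host
Get-SecurityEventSummary -Hours 24    # summary for the local Security log
```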

ADAudit Plus

Steps to retrieve security events in ADAudit Plus

  • Security logs comprise multiple events, such as file or AD object modifications, account logon or logoff failures, and permission changes. Log in to the ADAudit Plus web console using administrator credentials.
  • Navigate to the 'reports' tab and view the 'user logon' and 'local logon/logoff' reports. These tabs offer you a number of event reports. You can use search filters to find a particular event within a report.
  • You can also navigate to the 'file audit' and 'server audit' tabs to check file modifications or 'folder permission changes'.


Why is ADAudit Plus the better solution for you?

  • Detailed logon activity reports that let you take a close look at user activity.
  • Create custom reports and receive real-time alerts.
  • Lists a variety of pre-configured reports so you can track changes to AD objects.
  • ADAudit Plus allows you to export reports in the desired format with a single click.
  • Advanced filter options to save you the trouble of creating complex LDAP queries.
  • Avoid complex PowerShell-scripting, and simplify AD change auditing with ADAudit Plus.