Support
 
Phone Get Quote
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

How to generate reports by analyzing event logs

Event logs can help administrators monitor the activities on their network. Event logs in Active Directory can be viewed using Event Viewer. However, if you need to generate reports by analyzing event logs, you will need additional tools — Windows PowerShell or any other Windows log analytics tool such as ADAudit Plus

While Windows PowerShell can only list the required logs, ADAudit Plus processes the logs from the source using an API, analyzes it, and and generates comprehensive and user-friendly reports in no time. If the 200+ pre-packaged reports don't exactly meet your need, you can also generate custom reports. Here is a comparison on getting event log reports via Windows PowerShell and ADAudit Plus.

Using Windows PowerShell

  • Identify the relevant domain.
  • Identify the events that you need the logs for.
  • Identify the DC which has the event logs relevant to you.
  • Compile the script.
  • Execute it in Windows PowerShell.
  • The report will be exported in the given format.
  • To export the report in a different format, modify the script accordingly.

Here is a sample script:

Get-EventLog -LogName  security -ComputerName Server 1 | Where-Object {$_.EventID -eq 4624} |
              Select-Object -Property *
Export-CSV “C:\Temp\UserLogonEventLog .CSV” 
-NoTypeInformation
 Copied
Click to copy entire script

Using ADAudit Plus

  • Click on Reports tab to select the report you wish to view.
  • Select the relevant domain and OU.
  • Click Export to export the report in the various formats listed (CSV, PDF, HTML, CSVDE, XLSX).

Here is a screenshot of a sample Recent User Logon Activity report -

powershell-windows-event-log-1
 

The following are the limitations of using Windows PowerShell to getevent logs from the domain:

  • We can run this script only from the computers which has Active Directory Domain Services role.
  • Changing date formats would require you to modify the script.
  • It is difficult to export the report in other formats.
  • Applying more filters would add to the complexity of the script.

ADAudit Plus on the other hand will swiftly generate reports by scanning all the DCs and these reports can be exported in multiple formats.

  • Avoid complex PowerShell-scripting, and simplify AD change auditing with ADAudit Plus.
  • Avoid complex PowerShell-scripting, and simplify AD change auditing with ADAudit Plus.
  •  
  • By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.
  •  
  • Thanks!
  • Your download is in progress and it will be completed in just a few seconds! If you face any issues, download manually here.

Related Resources

ADAudit Plus Trusted By