Specifies to create a text output report file. The filename, if not specified, is dumpfile.xml. The filename, if not specified, is summary.txt. Specifies to create a summary report text file. Specifies the System Report Level from 1 to 5.
Specifies to convert WPP payload timestamps to Greenwich Mean Time. Multiple paths can be used, separated by a semicolon ( ). The matching PDB will be located in the Symbol Server. Multiple paths may be used, separated by a semicolon ( ). Specifies which Trace Message Format definition file to use. It's not supported with -report or -summary. Specifies to add the report raw timestamp in the event trace header. Specifies to dump the interpreted event structure to the specified file. Specifies to create a Microsoft-specific counting/reporting schema file. Specifies to answer yes to all questions, without prompting. Specifies which settings file to load, which includes your command options. It also generates dump files, report files, and report schemas. Subject: ⇥Security ID: ⇥ ⇥S-1-0-0 ⇥Account Name: ⇥ ⇥- ⇥Account Domain: ⇥ ⇥- ⇥Logon ID: ⇥ ⇥0x0 Logon Type: ⇥ ⇥ ⇥3 Account For Which Logon Failed: ⇥Security ID: ⇥ ⇥S-1-0-0 ⇥Account Name: ⇥ ⇥ADMINISTRATOR ⇥Account Domain: ⇥ ⇥ Failure Information: ⇥Failure Reason: ⇥ ⇥Unknown user name or bad password.The tracerpt command parses Event Trace Logs, log files generated by Performance Monitor, and real-time Event Trace providers.
1 T18:50:16.967176+00:00 NXLOG-AGENT Microsoft-Windows-Security-Auditing 0x0 - Keywords="9227875636482146304" EventType="AUDIT_FAILURE" EventID="4625" ProviderGuid="" ExecutionProcessID="712" ExecutionThreadID="2452" Channel="Security" Category="Logon" Opcode="Info" SubjectUserSid="S-1-0-0" SubjectUserName="-" SubjectDomainName="-" SubjectLogonId="0x0" TargetUserSid="S-1-0-0" TargetUserName="ADMINISTRATOR" Status="0xc000006d" FailureReason="%%2313" SubStatus="0xc000006a" LogonType="3" LogonProcessName="NtLmSsp " AuthenticationPackageName="NTLM" WorkstationName="-" TransmittedServices="-" LmPackageName="-" KeyLength="0" ProcessName="-" IpAddress="XXXX" IpPort="0" EventReceivedTime=" 18:50:18" SourceModuleName="eventlog" SourceModuleType="im_msvistalog"] An account failed to log on.
0 kommentar(er)
