通信人家园

标题: APG登陆日志如何提取？ [查看完整版帖子] [打印本页]

时间: 2014-11-6 11:52

作者: chendf24 标题: APG登陆日志如何提取？

客户要让我们从ALOG文件里提取出登陆APG的日志。请问如何才能提取出来？登陆APG的用户名是administrator，请问下面是不是我们手动登入/登出的日志？

082;2014-11-05;174238;sec;;WLGS14AP1D\Administrator;;1;1653827;WLGS14AP1A;;0000000561;EventID: 528

Source: Security

Category: Logon/Logoff

Type: Success Audit

Description:

Successful Logon:

User Name: Administrator

Domain: WLGS14AP1D

LogonID: (0x0,0x2358B166)

Logon Type: 2

Logon Process: Advapi

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

WorkstationName: WLGS14AP1A

Logon GUID: -

Caller User Name: WLGS14AP1A$

Caller Domain: WLGS14AP1D

Caller Logon ID: (0x0,0x3E7)

Caller Process ID: 9240

Transited Services: -

Source Network Address: -

Source Port: -

082;2014-11-05;174240;sec;;WLGS14AP1D\Administrator;;1;1653827;WLGS14AP1A;;0000000211;EventID: 538

Source: Security

Category: Logon/Logoff

Type: Success Audit

Description:

User Logoff:

User Name: administrator

Domain: WLGS14AP1D

LogonID: (0x0,0x234D374D)

Logon Type: 2

如果是，登入的日志中Source Network Address为什么是空的？是因为用管控平台登陆winfiol的原因吗？

通信人家园 (https://www.txrjy.com/)