I am trying to extract the privileges that are listed below, but i do not seem to be having luck with the rex that I have created. Here is the start of what I have done, but nothing is populating when I go to use it. : Privileges:\s(?
08/06/2012 09:39:01 AM
LogName=Security
SourceName=Security
EventCode=576
EventType=8
Type=Success Audit
ComputerName=M573
User=375026
Sid=S-1-5-21-1506843810-3018126377-2026399858-500
SidType=1
Category=4
CategoryString=Privilege Use
RecordNumber=850798
Message=Special privileges assigned to new logon:
User Name:
Domain:
Logon ID: (0x0,0x9149B)
Privileges: **SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeChangeNotifyPrivilege**
08/06/2012 09:39:01 AM
LogName=Security
SourceName=Security
EventCode=538
EventType=8
Type=Success Audit
How does this work for you?
Privileges:\s+(?