how to get domain name, domain user name from active directory logs
11/22/2016 04:15:20 PM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=4634
EventType=0
Type=Information
ComputerName=RIYSVSYM-006.KAMC-RD.ngha.med
TaskCategory=Logoff
OpCode=Info
RecordNumber=23190529
Keywords=Audit Success
Message=An account was logged off.
Subject:
Security ID: KAMC-RD\Binshbreenab
Account Name: Binshbreenab
Account Domain: KAMC-RD
Logon ID: 0x322998008
Logon Type: 3
Regards
Pradeep
Hi seetharamanPr,
your regex is (?ms)Account Name:\s(?<Name>\w*)\nAccount Domain:\s(?<Domain>.*)\nLogon\sID:\s(?<Logon_ID>\w*)
as you can see at https://regex101.com/r/Wmrdhy/1
Bye.
Giuseppe