API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 28th, 2017
75
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.47 KB | None | 0 0
raw download clone embed print report
  1. SELECT timegenerated, EXTRACT_TOKEN(Strings,1,'|') AS rec, EXTRACT_TOKEN(Strings,0,'|') AS user, SID, CASE EXTRACT_TOKEN(Strings,3,'|')
  2. WHEN '2' THEN 'local'
  3. WHEN '3' THEN 'network'
  4. WHEN '5' THEN 'administrative'
  5. WHEN '7' THEN 'unlock' END AS type, EventID,
  6.  
  7. CASE EXTRACT_TOKEN(Strings,6,'|')
  8. WHEN rec THEN ''
  9. ELSE EXTRACT_TOKEN(Strings,6,'|') END
  10.  
  11. INTO Report\%param%.csv
  12. FROM Events\secur.evt WHERE EventID IN (528;540)
  13. AND
  14. type = '%param%'
  15. ORDER BY timegenerated DESC
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!