Hi all, I am a complete noob when it comes to SQL.
I have a report set up to report failed log on event 4625, but I would like to parse information from the message:
Information I would like to have:
Account Name:
Account Domain:
Failure Reason:
Workstation Name:
Source Network Address:
Source Port:
Report code:
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Username,
  tblAssets.IPAddress,
  tblAssets.Lastseen,
  tblNtlog.Eventcode,
  tblNtlogSource.Sourcename,
  tblNtlogMessage.Message,
  tblNtlog.TimeGenerated
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
  Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
  Inner Join tblNtlogSource On tblNtlogSource.SourcenameID = tblNtlog.SourcenameID
Where tblNtlog.Eventcode = 4625 And tblAssetCustom.State = 1
Order By tblNtlog.TimeGenerated Desc
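
One way to pull the requested fields out of the 4625 message text, as an added example that is not part of the original post. It assumes SQL Server T-SQL; `RowID` and the inline sample message are constructed, and in the report the innermost derived table would be the existing tblNtlog/tblNtlogMessage join with a row key of your own. The search starts at "Account For Which Logon Failed:" because the Subject block of a 4625 message has its own Account Name and Account Domain lines.

```sql
-- Added example: split a 4625 message into columns (constructed sample data).
-- Each value is the text between its label and the end of that line.
Select f.RowID,
  Max(Case When f.Label = N'Account Name:' Then f.Value End) As FailedAccountName,
  Max(Case When f.Label = N'Account Domain:' Then f.Value End) As FailedAccountDomain,
  Max(Case When f.Label = N'Failure Reason:' Then f.Value End) As FailureReason,
  Max(Case When f.Label = N'Workstation Name:' Then f.Value End) As WorkstationName,
  Max(Case When f.Label = N'Source Network Address:' Then f.Value End) As SourceAddress,
  Max(Case When f.Label = N'Source Port:' Then f.Value End) As SourcePort
From (
  Select m.RowID, l.Label,
    -- Strip tabs and the CR of a CRLF line ending, then trim spaces.
    LTrim(RTrim(Replace(Replace(
      Substring(m.Message, p.Pos + Len(l.Label),
        IsNull(NullIf(e.EndPos, 0), Len(m.Message) + 1) - p.Pos - Len(l.Label)),
      NChar(9), N''), NChar(13), N''))) As Value
  From (
    -- Constructed sample; replace with the report's message source.
    -- The cast is an assumption in case the column is not nvarchar.
    Select 1 As RowID, Cast(N'An account failed to log on.
Subject:
  Account Name:  WS01$
  Account Domain:  CONTOSO
Account For Which Logon Failed:
  Account Name:  jdoe
  Account Domain:  CONTOSO
Failure Information:
  Failure Reason:  Unknown user name or bad password.
Network Information:
  Workstation Name:  WS01
  Source Network Address:  10.0.0.5
  Source Port:  51234' As nvarchar(max)) As Message
  ) m
  -- StartAt = 0 (heading missing) makes CharIndex search from the beginning.
  Cross Apply (Select CharIndex(N'Account For Which Logon Failed:', m.Message) As StartAt) a
  Cross Join (Values (N'Account Name:'), (N'Account Domain:'), (N'Failure Reason:'),
    (N'Workstation Name:'), (N'Source Network Address:'), (N'Source Port:')) l(Label)
  -- A label that is absent yields NULL here, and so a NULL column value.
  Cross Apply (Select NullIf(CharIndex(l.Label, m.Message, a.StartAt), 0) As Pos) p
  -- EndPos = 0 means the label sits on the last line; the value runs to the end.
  Cross Apply (Select CharIndex(NChar(10), m.Message, p.Pos) As EndPos) e
) f
Group By f.RowID
```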