客户要让我们从ALOG文件里提取出登陆APG的日志。请问如何才能提取出来?登陆APG的用户名是administrator,请问下面是不是我们手动登入/登出的日志? 082;2014-11-05;174238;sec;;WLGS14AP1D\Administrator;;1;1653827;WLGS14AP1A;;0000000561;EventID: 528 Source: Security Category: Logon/Logoff Type: Success Audit Description: Successful Logon: User Name: Administrator Domain: WLGS14AP1D LogonID: (0x0,0x2358B166) Logon Type: 2 Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 WorkstationName: WLGS14AP1A Logon GUID: - Caller User Name: WLGS14AP1A$ Caller Domain: WLGS14AP1D Caller Logon ID: (0x0,0x3E7) Caller Process ID: 9240 Transited Services: - Source Network Address: - Source Port: - 082;2014-11-05;174240;sec;;WLGS14AP1D\Administrator;;1;1653827;WLGS14AP1A;;0000000211;EventID: 538 Source: Security Category: Logon/Logoff Type: Success Audit Description: User Logoff: User Name: administrator Domain: WLGS14AP1D LogonID: (0x0,0x234D374D) Logon Type: 2 如果是,登入的日志中Source Network Address为什么是空的?是因为用管控平台登陆winfiol的原因吗?
|