I’m a fixlet newbie. I need a hand with writing a fixlet that I run daily against Windows servers to extract any event ID 504 from the security log into a file; I will then pull the file back with Archive Manager.
I have the following that pulls the data I want from the event log.
Q: (computer of it, time generated of it) of (records of security event log) whose (event id of it = 504)
A: xxxTEM01, ( Mon, 05 Dec 2011 22:04:32 +1100 )
A: …
Now I want to filter out anything but events that happened today.
In your case, though, you would have to compare the date of the “time generated” to the current date. So you will add an “AND” in your whose/it clause.
q: (computer of it, time generated of it) of (records of security event log) whose (event id of it = 4624 AND ((date (local time zone) of time generated of it )=(current date)))
A: ADMINIB-R8CJF76, ( Tue, 29 Jan 2013 08:06:49 -0600 )
A: ADMINIB-R8CJF76, ( Tue, 29 Jan 2013 08:06:50 -0600 )
A: ADMINIB-R8CJF76, ( Tue, 29 Jan 2013 08:06:50 -0600 )
A: ADMINIB-R8CJF76, ( Tue, 29 Jan 2013 08:06:51 -0600 )