ok this site has been so helpful in the past will ask for help again. I am trying to a log from our cisco concentrator and parse out the information looking for all failed logon attemps. years ago i wrote pearl scripts like this but the cobwebs won't clear and since i am using a access database to report on information though vb would be better. I am looking for authenticaion failed.I highlighted the line i need to pull. i would like to rite it out to a tab delimited file.
here is a piece fo my file. I want to loop thru and write the line everytime a logon fails.
[42081,02/02/2009,05:09:04.500,SEV=3,AUTH/5,RPT=14302,4.240.117.141,Authentication rejected: Reason = Logon Failurehandle = 158 42081,02/02/2009,05:09:04.500,SEV=3,AUTH/5,RPT=14302,4.240.117.141,Authentication rejected: Reason = Logon Failurehandle = 158
server = 00.00.00.00 user = xxxxxxx domain = xxxxxx
42083,02/02/2009,05:09:09.780,SEV=6,IKE/0,RPT=23029,AMV6 AMV6:0af6bb39
received unexpected event EV_SA_EXPIRED in state AM_WAIT_DELETE
>H 42085,02/02/2009,05:09:11.140,SEV=3,AUTH/5,RPT=14303,4.240.117.141,Authentication rejected: Reason = Logon Failurehandle = 157
server = 00.00.00.00 user = xxxxxxx domain = xxxxx
here is a piece fo my file. I want to loop thru and write the line everytime a logon fails.
[42081,02/02/2009,05:09:04.500,SEV=3,AUTH/5,RPT=14302,4.240.117.141,Authentication rejected: Reason = Logon Failurehandle = 158 42081,02/02/2009,05:09:04.500,SEV=3,AUTH/5,RPT=14302,4.240.117.141,Authentication rejected: Reason = Logon Failurehandle = 158
server = 00.00.00.00 user = xxxxxxx domain = xxxxxx
42083,02/02/2009,05:09:09.780,SEV=6,IKE/0,RPT=23029,AMV6 AMV6:0af6bb39
received unexpected event EV_SA_EXPIRED in state AM_WAIT_DELETE
>H 42085,02/02/2009,05:09:11.140,SEV=3,AUTH/5,RPT=14303,4.240.117.141,Authentication rejected: Reason = Logon Failurehandle = 157
server = 00.00.00.00 user = xxxxxxx domain = xxxxx
