Actually in my script, i am trying to fetch logon success and logon failure events of domain users who are authenticated by that domain controller from the event viewer.
For this ,i am using event ID '4776' .But, i am not getting any logs in CSV. I looked the event viewer data for event id 4776, and my server contains both logs for Audit success and Audit failure for event id '4776'.
can anyone help me in this. Also i want to fetch logon success and logon failure logs of the domain user who are authenticated by that domain controller. for this , i am using this code
if ($i.EventID -eq 4776 ) -and (Keywords -eq '4503599627370496') //for logon failure events
&
($i.EventID -eq 4776 ) -and (Keywords -eq '13510798882111488') //for logon success events
but not getting my output.
can anyone please help me in this.
Thank you
