I’m searching for a good way to parse the message string from security event log entries.
I found many on the web, but all of them are implemented by parsing XML with value positioning.
For example, they parse only 4625 event ID entries, which have the same properties in the same position in every event.
But what if I want to see on every line whether there’s a string like Account Name, for example?
I want to find a way to look at every line and, if there’s a string Account Name, give me back the line.
I found that Select-String does something like this (like grep on Linux), but I didn’t find a way to do Select-String on a string.
Is there any good way?
Thank you all, experts!!
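
One way to do the line-by-line search asked about above, as an added example that is not part of the original post: split the event's `Message` text into lines and pipe each one to `Select-String`, recording the section header so the two `Account Name` lines can be told apart. `Get-MessageField` is a hypothetical helper, the sample message is constructed, and the label text assumes an English-language system.

```powershell
# Constructed sample of a 4625 Message body (values are made up for illustration).
$sampleMessage = @'
An account failed to log on.

Subject:
	Security ID:		S-1-0-0
	Account Name:		-
	Account Domain:		-

Account For Which Logon Failed:
	Security ID:		S-1-0-0
	Account Name:		jdoe
	Account Domain:		EXAMPLE

Failure Information:
	Failure Reason:		Unknown user name or bad password.
'@

# Hypothetical helper: returns every line of a message that contains $Label,
# with the section header it appeared under and the value after the colon.
function Get-MessageField {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string] $Message,
        [Parameter(Mandatory)] [string] $Label
    )
    process {
        $section = $null
        foreach ($line in ($Message -split '\r?\n')) {
            # An unindented line ending in ':' starts a new section.
            if ($line -match '^(\S.*):\s*$') { $section = $Matches[1]; continue }
            # Select-String accepts plain strings from the pipeline, like grep on stdin.
            if ($line | Select-String -Pattern $Label -SimpleMatch -Quiet) {
                $name, $value = $line.Trim() -split ':\s*', 2
                [pscustomobject]@{ Section = $section; Field = $name; Value = $value; Line = $line.Trim() }
            }
        }
    }
}

$sampleMessage | Get-MessageField -Label 'Account Name'

# Against the live log (requires elevation); works for any event ID, not only 4625:
# Get-WinEvent -LogName Security -MaxEvents 50 |
#     ForEach-Object { $_.Message | Get-MessageField -Label 'Account Name' }
```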