Archived Logon Events

Archived Logon Events

I have an audit today and the client wants to see logon and logoff events from 4 months ago. Our logs are archived after 30-40 days. I tried loading the archived log, but once loaded I can't do a logon or failed logon report, it shows no data. It seems I am only able to do a search of the archived log in it's original format. I did a search using event ID = 4624, Severity = Success and it shows all events with a 4624 ID, but the logs aren't in a very easy to read format and you can't really tell what user performed the event. I think it only shows the Login ID and Login GUID, but you can't really tell who these belong too. How can I get a logon / logoff report in a readable format for the auditors from the archived logs? I can't believe event log analyzer won't load these archived logs into the application itself for reporting, really bad design in my opinion.

                New to ADSelfService Plus?