Archived Logon Events

Archived Logon Events

I have an audit today and the client wants to see logon and logoff events from 4 months ago. Our logs are archived after 30-40 days. I tried loading the archived log, but once loaded I can't do a logon or failed logon report, it shows no data. It seems I am only able to do a search of the archived log in it's original format. I did a search using event ID = 4624, Severity = Success and it shows all events with a 4624 ID, but the logs aren't in a very easy to read format and you can't really tell what user performed the event. I think it only shows the Login ID and Login GUID, but you can't really tell who these belong too. How can I get a logon / logoff report in a readable format for the auditors from the archived logs? I can't believe event log analyzer won't load these archived logs into the application itself for reporting, really bad design in my opinion.
        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial





                            Related Products