We are supporting our first Windows 2008 server and we are unable to get DUMPEL to dump out the event codes we need. I understand that the structure of the logs changed and we have new event codes for Windows Vista/2008. I want to use DUMPEL or command lines to extract specific security audi events from the security logs on Windows 2008. My current script that uses dumpel is not producing any output. I am trying to dump out various codes such as 4741, 4742, 4743. I am not sure why it is not working. I'm using the same script except I updated it to change the event code. Example of Syntax: dumpel -l security -m security -e 4741, 4742, 4733 -d 1 >> c:\output\report.txt How can I extract the security event codes using dumpel or some other method, Any help is greatly appreciated.

Hi, Please refer to the following post. Windows 2008 - DUMPEL http://social.msdn.microsoft.com/Forums/en/winserver2008appcompatabilityandcertification/thread/6a7f10a4-bb03-42c8-a27c-205af9d25e16 Best Regards, Vincent Hu