UserName on events Logon/Logoff in im_msvistalog
#1
Altair.Pa
Hi, I am collecting events (im_msvistalog) from system 7001 and 7002 logon and logoff, I would like to know which field I use to catch the user who is logged on or off, because $UserID returns a SID.
Thank you.
#1
Altair.Pa
Hi,
I am collecting events (im_msvistalog) from system 7001 and 7002 logon and logoff, I would like to know which field I use to catch the user who is logged on or off, because $UserID returns a SID.
Thank you.
You can dump the data in json into a file for example where you can see the available fields. See the Debugging Data Processing section in the user guide.
There is also the ResolveSID configuration option that might be related to your use-case. Note that this is an EE feature currently.
