Using the tools inside Kiwi Syslog (purchased), I'd like to parse out of security event messages the event ID and description, and account name, all so it will show in the email subject line. I'd love to be able to shorten the event description as I see fit, even if I need to create an if/then sequence in the parsing script to do so. We are only using the email action for a short list of user events: 4720-4726, 4740 & 4767 (server 2012 R2).
If it helps, I've been creating complicated Crystal Reports formulae in CR language for more than ten years. But I'm a VB script noob.
As an example: event 4740 (A user account was locked out).
I'd like the email subject line to read like this: User Event 4740, user montyp account was locked out
So I see that as: User Event [event ID], user [Account name] [shortened/altered event description (perhaps created with if/then using the event ID and my chosen verbiage)]
Another example: event 4723 (An attempt was made to change an account's password).
I'd like the email subject line to read like this: User Event 4723, user montyp changed pw
Another example: event 4767 (A user account was unlocked).
I'd like the email subject line to read like this: User Event 4767, user montyp account unlocked
Many thanks
TSL