Is there a way to use Logparser to scrub through 2008 R2 FTP logs looking for code 530, and then generate an application event log based on that line of the log? The reason I ask is because the security logs will show a corresponding 4625 failure event, but
in 2008 R2 it doesn't list the offending IP address. meanwhile the FTP logs DO show the IP. Once I get an event log created, I can script my way into black-holing any offending IPs. Thanks,
↧