OK, I think I see what the problem is, but I do not know how to fix it. The following is a snippet of the very long output, starting with a failed logon (eventId 4625, NT_STATUS_WRONG_PASSWORD):
Code:
{
"timestamp": "2023-01-09T18:25:52.548559-0800",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_WRONG_PASSWORD",
"localAddress": "ipv4:10.0.0.82:445",
"remoteAddress": "ipv4:10.0.0.14:49802",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "DESKTOP-MS97RLC",
"clientAccount": "ACCT_Name",
"workstation": "DESKTOP-MS97RLC",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "ACCT_Name",
"mappedDomain": "DESKTOP-MS97RLC",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv1",
"duration": 2606
},
"timestamp_tval": {
"tv_sec": 1673317552,
"tv_usec": 548559
}
}
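vs. these successful logons (eventId 4624, NT_STATUS_OK) from a different client address, which report "passwordType": "NTLMv2" where the failed attempt above reports "NTLMv1":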
Code:
{
"timestamp": "2023-01-09T18:28:57.038099-0800",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4624,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_OK",
"localAddress": "ipv4:10.0.0.82:445",
"remoteAddress": "ipv4:10.0.0.24:59574",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "smb://",
"clientAccount": "ACCT_Name",
"workstation": "",
"becameAccount": "ACCT_Name",
"becameDomain": "TRUENAS",
"becameSid": "S-1-5-21-3000440665-3739277682-3163195226-1003",
"mappedAccount": "ACCT_Name",
"mappedDomain": "smb://",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv2",
"duration": 11189
},
"timestamp_tval": {
"tv_sec": 1673317737,
"tv_usec": 38099
}
},
{
"timestamp": "2023-01-09T18:29:14.129186-0800",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4624,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_OK",
"localAddress": "ipv4:10.0.0.82:445",
"remoteAddress": "ipv4:10.0.0.24:59576",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "WORKGROUP",
"clientAccount": "ACCT_Name",
"workstation": "",
"becameAccount": "ACCT_Name",
"becameDomain": "TRUENAS",
"becameSid": "S-1-5-21-3000440665-3739277682-3163195226-1003",
"mappedAccount": "ACCT_Name",
"mappedDomain": "WORKGROUP",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv2",
"duration": 16157