07.22.2008 at 03:15PM PDT, ID: 23586812
List specific Events from the Security Event Log

Asked by pzozulka in Microsoft Visual Basic.Net, Windows XP Operating System, Windows 2003 Server

Greetings,

I am in charge of a server that needs to collect logon/logoff security logs from various workstations.
I looked into a couple of books lying around and found a VBS script. However, the script backs up everything; I need to narrow it down to only a specific user, and only event id = 528 or 551.

The script is below. How can it be modified to be more specific, or are there any other scripts that can do what I need?
On Error Resume Next
' Query every record from every event log on the local machine (no WHERE clause).
Set EventLog = GetObject("winmgmts:{impersonationlevel=impersonate}").ExecQuery("select * from Win32_NTLogEvent")

Set FSO = CreateObject("Scripting.FileSystemObject")
Set txt = FSO.CreateTextFile("C:\Scriptfiles\vbs\text.txt", True)
For Each Entry In EventLog
 If Len(Entry.Message) > 0 Then
  ' Flatten the message to one line: line feeds become spaces, carriage returns are dropped.
  For x = 1 To Len(Entry.Message)
   Char = Mid(Entry.Message,x,1)
   If Asc(Char) = 10 Then
    MSG = MSG & " "
   ElseIf Asc(Char) <> 13 Then
    MSG = MSG & Char
   End If
  Next
  ' TimeGenerated is a DMTF datetime string (yyyymmddHHMMSS...); slice out date and time.
  EDate = Mid(Entry.TimeGenerated,5,2) & "/" & _
   Mid(Entry.TimeGenerated,7,2) & "/" & _
   Mid(Entry.TimeGenerated,1,4)
  ETime = Mid(Entry.TimeGenerated,9,2) & ":" & _
   Mid(Entry.TimeGenerated,11,2) & ":" & _
   Mid(Entry.TimeGenerated,13,2)
  ETime = FormatDateTime(ETime,3)

  ' User and CategoryString can be Null; substitute placeholders.
  If IsNull(Entry.User) Then
   User = "N/A"
  Else
   User = Entry.User
  End If

  If IsNull(Entry.CategoryString) Then
   Category = "none"
  Else
   Category = Entry.CategoryString
  End If

  ' One tab-separated line per event.
  EVT = Entry.LogFile & vbTab & _
   Entry.Type & vbTab & _
   EDate & vbTab & _
   ETime & vbTab & _
   Entry.SourceName & vbTab & _
   Category & vbTab & _
   Entry.EventCode & vbTab & _
   User & vbTab & _
   Entry.ComputerName & vbTab & _
   MSG
  txt.WriteLine EVT

  ' Reset the per-event buffers before the next record.
  EVT = Null
  Char = Null
  MSG = Null
 End If
Next
txt.Close
WScript.Echo "Done"
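
One way to narrow the collection described in the question, as an added example that is not part of the original post and is not the hidden accepted solution: the WQL WHERE clause restricts the query to the Security log and event codes 528 and 551, and the account is matched on each record's User field in script. The workstation names, account name and output file name are placeholders.

```vbscript
Option Explicit
' Added example: host names, account name and output path are placeholders.
Const TARGET_USER = "EXAMPLEDOM\jdoe"                    ' hypothetical account to report on
Const OUT_FILE    = "C:\Scriptfiles\vbs\logons.txt"      ' hypothetical output file
Dim Computers : Computers = Array("WKSTN01", "WKSTN02")  ' hypothetical workstations

Dim FSO, txt, Computer, WMI, Events, Entry, T, Stamp, Msg
Set FSO = CreateObject("Scripting.FileSystemObject")
Set txt = FSO.CreateTextFile(OUT_FILE, True)

For Each Computer In Computers
  ' (Security) enables the privilege WMI needs to read the Security log.
  On Error Resume Next
  Set WMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & _
                      Computer & "\root\cimv2")
  If Err.Number <> 0 Then
    ' Record unreachable hosts instead of skipping them silently.
    txt.WriteLine Computer & vbTab & "ERROR" & vbTab & Err.Description
    Err.Clear
    On Error GoTo 0
  Else
    On Error GoTo 0
    ' Filter by log and event ID inside WMI so only matching records are returned.
    Set Events = WMI.ExecQuery( _
      "SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security' " & _
      "AND (EventCode = 528 OR EventCode = 551)")
    For Each Entry In Events
      ' User can be Null; compare case-insensitively in script.
      If Not IsNull(Entry.User) Then
        If LCase(Entry.User) = LCase(TARGET_USER) Then
          T = Entry.TimeGenerated            ' DMTF datetime: yyyymmddHHMMSS.ffffff+UUU
          Stamp = Mid(T, 1, 4) & "-" & Mid(T, 5, 2) & "-" & Mid(T, 7, 2) & " " & _
                  Mid(T, 9, 2) & ":" & Mid(T, 11, 2) & ":" & Mid(T, 13, 2)
          Msg = ""
          If Not IsNull(Entry.Message) Then
            Msg = Replace(Replace(Entry.Message, vbCr, ""), vbLf, " ")
          End If
          txt.WriteLine Entry.ComputerName & vbTab & Stamp & vbTab & _
                        Entry.EventCode & vbTab & Entry.User & vbTab & Msg
        End If
      End If
    Next
  End If
Next
txt.Close
WScript.Echo "Done"
```

The account running the script needs administrative rights on each workstation. On Windows Vista and later the corresponding events are 4624 and 4647.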
About this solution

Zones: Microsoft Visual Basic.Net, Windows XP Operating System, Windows 2003 Server
Tags: event, viewer, script, logs
Solution Provided By: mitb
Participating Experts: 1
Solution Grade: A