dh061
asked on
Help with Script that send email about Event Log
I am using the following code that i got help with on a previous post. The code sends an email to me with all the Security events 632. I am trying to monitor who is getting added to Administrator accounts. Is there any why to have the code only send me an email if the event 632 is triggered because a Domain admin was added to an account.
Ideally if there can be a statement added if its domain admin, Enterprise admin, schema admin, or cs3 admintech, it emails me. if event 632 is triggered and its not one of those account it doesn't email me.
thanks in advance for all your help
Ideally if there can be a statement added if its domain admin, Enterprise admin, schema admin, or cs3 admintech, it emails me. if event 632 is triggered and its not one of those account it doesn't email me.
thanks in advance for all your help
const cdoSendUsingPort = 2
const cdoAnonymous = 0
set msg = CreateObject("CDO.Message")
set config = CreateObject("CDO.Configuration")
set msg.Configuration = config
txt = ""
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * From Win32_NTLogEvent Where Logfile = 'Security' AND EventCode = 632 ")
For Each objEvent in colLoggedEvents
txt = txt & objEvent.TimeWritten & vbCRLF & objEvent.ComputerName & vbCRLF & objEvent.Type & vbCRLF & _
objEvent.EventCode & vbCRLF & objEvent.Message & "http://eventid.net/display.asp?eventid" & _
vbCRLF & objEvent.User & vbCRLF & vbCRLF
Next
if txt <> "" then
txt = "The Following Security Errors Have Occurred on COMPUTERNAME: " & vbcrlf & vbCRLF & txt
else
Wscript.Quit(0)
end if
With msg
.to = "someone@somemail.com"
.from = "someone"
.subject = "Security: Possible Group Admin Added From Account"
.textbody = txt
End with
prefix = "http://schemas.microsoft.com/cdo/configuration/"
With config.fields
.item(prefix & "sendusing") = cdoSendUsingPort
.item(prefix & "smtpserver") = "cvn69ucsex01"
.item(prefix & "smtpauthenticate") = cdoAnonymous
.update
End With
on error resume next
msg.send
send_error = error.number
on error goto 0
if send_error <> 0 then
wscript.echo "Error Sending Your Message"
wscript.quit 0
end if
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER