Solved

View Windows Security Log

Posted on 2007-11-21
Last Modified: 2010-04-30
Using code found here ( http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows/Q_20870132.html?sfQueryTermInfo=1+log+read+secur+vb) to view the Windows event log.  It will go through the Application and System Log just fine but I need it to look through the Security Log.  Is there a way to get this information as well?  Code below:

Dim strCategory As String
Dim strCategoryString As String
Dim strComputerName As String
Dim strData As String
Dim strEventCode As String
Dim strEventIdentifier As String
Dim strInsertionStrings As String
Dim strLogfile As String
Dim strMessage As String
Dim strRecordNumber As String
Dim strSourceName As String
Dim strTimeGenerated As String
Dim strTimeWritten As String
Dim strType As String
Dim strUser As String

Command1.Enabled = False

On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent", , 48)
For Each objItem In colItems
    strCategory = objItem.Category
    strCategoryString = objItem.CategoryString
    strComputerName = objItem.ComputerName
    strData = objItem.Data
    strEventCode = objItem.EventCode
    strEventIdentifier = objItem.EventIdentifier
    strInsertionStrings = objItem.InsertionStrings
    strLogfile = objItem.Logfile
    strMessage = objItem.Message
    strRecordNumber = objItem.RecordNumber
    strSourceName = objItem.SourceName
    strTimeGenerated = objItem.TimeGenerated
    strTimeWritten = objItem.TimeWritten
    strType = objItem.Type
    strUser = objItem.User
Next

Command1.Enabled = True

Question by:MERCOMMS

Expert Comment

by:ltlbearand3
That should also grab the security log.

Try making this change temporarily and let us know the results:

Change
     Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent", , 48)

To
     Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Security'")

Expert Comment

by:John Gates
You need to incorporate this:

' WMI Core Section
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" _
& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'Security'" )

And off you go ;-)

Expert Comment

by:ltlbearand3
Try this to get through all logs:

Dim strCategory As String
Dim strCategoryString As String
Dim strComputerName As String
Dim strData As String
Dim strEventCode As String
Dim strEventIdentifier As String
Dim strInsertionStrings As String
Dim strLogfile As String
Dim strMessage As String
Dim strRecordNumber As String
Dim strSourceName As String
Dim strTimeGenerated As String
Dim strTimeWritten As String
Dim strType As String
Dim strUser As String

Command1.Enabled = False

On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" _
& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent")
For Each objItem In colItems
    strCategory = objItem.Category
    strCategoryString = objItem.CategoryString
    strComputerName = objItem.ComputerName
    strData = objItem.Data
    strEventCode = objItem.EventCode
    strEventIdentifier = objItem.EventIdentifier
    strInsertionStrings = objItem.InsertionStrings
    strLogfile = objItem.Logfile
    strMessage = objItem.Message
    strRecordNumber = objItem.RecordNumber
    strSourceName = objItem.SourceName
    strTimeGenerated = objItem.TimeGenerated
    strTimeWritten = objItem.TimeWritten
    strType = objItem.Type
    strUser = objItem.User
Next

Command1.Enabled = True


Author Comment

by:MERCOMMS
ltlbearand3: Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Security'")
Tried that already but did it again. Nothing is processed.

dimante:
Tried that.  The code inside the For Each loop is processed 1 time but all strings are empty

ltlbearand3:Entire code
Tried that.  The code inside the For Each loop is processed 1 time but all strings are empty

Accepted Solution

by:
ltlbearand3 earned 250 total points
Sorry Forgot one change.  Try this
  -Bear
Dim strCategory As String
Dim strCategoryString As String
Dim strComputerName As String
Dim strData As String
Dim strEventCode As String
Dim strEventIdentifier As String
Dim strInsertionStrings As String
Dim strLogfile As String
Dim strMessage As String
Dim strRecordNumber As String
Dim strSourceName As String
Dim strTimeGenerated As String
Dim strTimeWritten As String
Dim strType As String
Dim strUser As String

Command1.Enabled = False

On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
	& "{impersonationLevel=impersonate,(Security)}!\\" _
	& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent")
For Each objItem In colLoggedEvents
    strCategory = objItem.Category
    strCategoryString = objItem.CategoryString
    strComputerName = objItem.ComputerName
    strData = objItem.Data
    strEventCode = objItem.EventCode
    strEventIdentifier = objItem.EventIdentifier
    strInsertionStrings = objItem.InsertionStrings
    strLogfile = objItem.Logfile
    strMessage = objItem.Message
    strRecordNumber = objItem.RecordNumber
    strSourceName = objItem.SourceName
    strTimeGenerated = objItem.TimeGenerated
    strTimeWritten = objItem.TimeWritten
    strType = objItem.Type
    strUser = objItem.User
Next

Command1.Enabled = True
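
Added example, not part of the original thread: a stand-alone VBScript version of the accepted approach that checks Err after each WMI call instead of letting On Error Resume Next hide a failure, which is how a loop can run once with every string empty. MAX_EVENTS and FlattenStrings are illustrative names introduced here, and the script assumes it is run with cscript from an account allowed to read the Security log.

```vbscript
' Added example: read the Security log through WMI with explicit error checks.
Option Explicit
Const wbemFlagReturnImmediately = &H10
Const wbemFlagForwardOnly = &H20
Const MAX_EVENTS = 25   ' illustrative cap so the script ends quickly

Dim strComputer, objWMIService, colLoggedEvents, objItem, intCount
strComputer = "."

' Errors are trapped, but every trapped error is reported, never ignored.
On Error Resume Next
' (Security) enables the security privilege needed to read the Security log.
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security)}!\\" _
    & strComputer & "\root\cimv2")
If Err.Number <> 0 Then
    WScript.Echo "WMI connect failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If

Set colLoggedEvents = objWMIService.ExecQuery( _
    "Select * from Win32_NTLogEvent Where Logfile = 'Security'", , _
    wbemFlagReturnImmediately + wbemFlagForwardOnly)
If Err.Number <> 0 Then
    WScript.Echo "Query failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 1
End If

intCount = 0
For Each objItem In colLoggedEvents
    ' With wbemFlagReturnImmediately, query errors surface when enumeration starts.
    If Err.Number <> 0 Then
        WScript.Echo "Enumeration failed: 0x" & Hex(Err.Number) & " " & Err.Description
        WScript.Quit 1
    End If
    intCount = intCount + 1
    WScript.Echo objItem.TimeGenerated & vbTab & objItem.EventCode & vbTab _
        & objItem.SourceName & vbTab & FlattenStrings(objItem.InsertionStrings)
    If intCount >= MAX_EVENTS Then Exit For
Next
On Error GoTo 0
If intCount = 0 Then WScript.Echo "No Security events returned."

' InsertionStrings is a string array (or Null), so join it before using it as text.
Function FlattenStrings(varStrings)
    FlattenStrings = ""
    If IsArray(varStrings) Then FlattenStrings = Join(varStrings, " | ")
End Function
```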
