Solved

View WIndows Security Log

Posted on 2007-11-21
5
288 Views
Last Modified: 2010-04-30
Using code found here ( http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows/Q_20870132.html?sfQueryTermInfo=1+log+read+secur+vb) to view the Windows event log.  It will go through the Application and System Log just fine but I need it to look through the Security Log.  Is there a way to get this information as well?  Code below:

Dim strCategory As String
Dim strCategoryString As String
Dim strComputerName As String
Dim strData As String
Dim strEventCode As String
Dim strEventIdentifier As String
Dim strInsertionStrings As String
Dim strLogfile As String
Dim strMessage As String
Dim strRecordNumber As String
Dim strSourceName As String
Dim strTimeGenerated As String
Dim strTimeWritten As String
Dim strType As String
Dim strUser As String

Command1.Enabled = False

On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent", , 48)
For Each objItem In colItems
    strCategory = objItem.Category
    strCategoryString = objItem.CategoryString
    strComputerName = objItem.ComputerName
    strData = objItem.Data
    strEventCode = objItem.EventCode
    strEventIdentifier = objItem.EventIdentifier
    strInsertionStrings = objItem.InsertionStrings
    strLogfile = objItem.Logfile
    strMessage = objItem.Message
    strRecordNumber = objItem.RecordNumber
    strSourceName = objItem.SourceName
    strTimeGenerated = objItem.TimeGenerated
    strTimeWritten = objItem.TimeWritten
    strType = objItem.Type
    strUser = objItem.User
Next

Command1.Enabled = True

0
Comment
Question by:MERCOMMS
  • 3
5 Comments
 
LVL 20

Expert Comment

by:ltlbearand3
ID: 20327447
That should also grab the security log.

Try making this change temporarily and let us know the results:

Change
     Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent", , 48)

To
     Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Security'")
0
 
LVL 17

Expert Comment

by:John Gates
ID: 20327475
You need to incorporate this:

' WMI Core Section
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" _
& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'Security'" )

And off you go ;-)
0
 
LVL 20

Expert Comment

by:ltlbearand3
ID: 20327692
Try this to get through all logs:

Dim strCategory As String

Dim strCategoryString As String

Dim strComputerName As String

Dim strData As String

Dim strEventCode As String

Dim strEventIdentifier As String

Dim strInsertionStrings As String

Dim strLogfile As String

Dim strMessage As String

Dim strRecordNumber As String

Dim strSourceName As String

Dim strTimeGenerated As String

Dim strTimeWritten As String

Dim strType As String

Dim strUser As String
 

Command1.Enabled = False
 

On Error Resume Next

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

& "{impersonationLevel=impersonate,(Security)}!\\" _

& strComputer & "\root\cimv2")

Set colLoggedEvents = objWMIService.ExecQuery _

objWMIService("Select * from Win32_NTLogEvent")

For Each objItem In colItems

    strCategory = objItem.Category

    strCategoryString = objItem.CategoryString

    strComputerName = objItem.ComputerName

    strData = objItem.Data

    strEventCode = objItem.EventCode

    strEventIdentifier = objItem.EventIdentifier

    strInsertionStrings = objItem.InsertionStrings

    strLogfile = objItem.Logfile

    strMessage = objItem.Message

    strRecordNumber = objItem.RecordNumber

    strSourceName = objItem.SourceName

    strTimeGenerated = objItem.TimeGenerated

    strTimeWritten = objItem.TimeWritten

    strType = objItem.Type

    strUser = objItem.User

Next
 

Command1.Enabled = True

Open in new window

0
 

Author Comment

by:MERCOMMS
ID: 20328069
ltlbearand3: Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Security'")
Tried that already but did it again. Nothing is processed.

dimante:
Tried that.  The code inside the For Each loop is processed 1 time but all strings are empty

ltlbearand3:Entire code
Tried that.  The code inside the For Each loop is processed 1 time but all strings are empty
0
 
LVL 20

Accepted Solution

by:
ltlbearand3 earned 250 total points
ID: 20328309
Sorry Forgot one change.  Try this
  -Bear
Dim strCategory As String

Dim strCategoryString As String

Dim strComputerName As String

Dim strData As String

Dim strEventCode As String

Dim strEventIdentifier As String

Dim strInsertionStrings As String

Dim strLogfile As String

Dim strMessage As String

Dim strRecordNumber As String

Dim strSourceName As String

Dim strTimeGenerated As String

Dim strTimeWritten As String

Dim strType As String

Dim strUser As String

 

Command1.Enabled = False

 

On Error Resume Next

strComputer = "."

Set objWMIService = GetObject("winmgmts:" _

	& "{impersonationLevel=impersonate,(Security)}!\\" _

	& strComputer & "\root\cimv2")

Set colLoggedEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent")

For Each objItem In colLoggedEvents

    strCategory = objItem.Category

    strCategoryString = objItem.CategoryString

    strComputerName = objItem.ComputerName

    strData = objItem.Data

    strEventCode = objItem.EventCode

    strEventIdentifier = objItem.EventIdentifier

    strInsertionStrings = objItem.InsertionStrings

    strLogfile = objItem.Logfile

    strMessage = objItem.Message

    strRecordNumber = objItem.RecordNumber

    strSourceName = objItem.SourceName

    strTimeGenerated = objItem.TimeGenerated

    strTimeWritten = objItem.TimeWritten

    strType = objItem.Type

    strUser = objItem.User

Next

 

Command1.Enabled = True

Open in new window

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Most everyone who has done any programming in VB6 knows that you can do something in code like Debug.Print MyVar and that when the program runs from the IDE, the value of MyVar will be displayed in the Immediate Window. Less well known is Debug.Asse…
You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now