Solved

View WIndows Security Log

Posted on 2007-11-21
5
289 Views
Last Modified: 2010-04-30
Using code found here ( http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows/Q_20870132.html?sfQueryTermInfo=1+log+read+secur+vb) to view the Windows event log.  It will go through the Application and System Log just fine but I need it to look through the Security Log.  Is there a way to get this information as well?  Code below:

Dim strCategory As String
Dim strCategoryString As String
Dim strComputerName As String
Dim strData As String
Dim strEventCode As String
Dim strEventIdentifier As String
Dim strInsertionStrings As String
Dim strLogfile As String
Dim strMessage As String
Dim strRecordNumber As String
Dim strSourceName As String
Dim strTimeGenerated As String
Dim strTimeWritten As String
Dim strType As String
Dim strUser As String

Command1.Enabled = False

On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent", , 48)
For Each objItem In colItems
    strCategory = objItem.Category
    strCategoryString = objItem.CategoryString
    strComputerName = objItem.ComputerName
    strData = objItem.Data
    strEventCode = objItem.EventCode
    strEventIdentifier = objItem.EventIdentifier
    strInsertionStrings = objItem.InsertionStrings
    strLogfile = objItem.Logfile
    strMessage = objItem.Message
    strRecordNumber = objItem.RecordNumber
    strSourceName = objItem.SourceName
    strTimeGenerated = objItem.TimeGenerated
    strTimeWritten = objItem.TimeWritten
    strType = objItem.Type
    strUser = objItem.User
Next

Command1.Enabled = True

0
Comment
Question by:MERCOMMS
  • 3
5 Comments
 
LVL 20

Expert Comment

by:ltlbearand3
ID: 20327447
That should also grab the security log.

Try making this change temporarily and let us know the results:

Change
     Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent", , 48)

To
     Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Security'")
0
 
LVL 17

Expert Comment

by:John Gates
ID: 20327475
You need to incorporate this:

' WMI Core Section
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" _
& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'Security'" )

And off you go ;-)
0
 
LVL 20

Expert Comment

by:ltlbearand3
ID: 20327692
Try this to get through all logs:

Dim strCategory As String
Dim strCategoryString As String
Dim strComputerName As String
Dim strData As String
Dim strEventCode As String
Dim strEventIdentifier As String
Dim strInsertionStrings As String
Dim strLogfile As String
Dim strMessage As String
Dim strRecordNumber As String
Dim strSourceName As String
Dim strTimeGenerated As String
Dim strTimeWritten As String
Dim strType As String
Dim strUser As String
 
Command1.Enabled = False
 
On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" _
& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
objWMIService("Select * from Win32_NTLogEvent")
For Each objItem In colItems
    strCategory = objItem.Category
    strCategoryString = objItem.CategoryString
    strComputerName = objItem.ComputerName
    strData = objItem.Data
    strEventCode = objItem.EventCode
    strEventIdentifier = objItem.EventIdentifier
    strInsertionStrings = objItem.InsertionStrings
    strLogfile = objItem.Logfile
    strMessage = objItem.Message
    strRecordNumber = objItem.RecordNumber
    strSourceName = objItem.SourceName
    strTimeGenerated = objItem.TimeGenerated
    strTimeWritten = objItem.TimeWritten
    strType = objItem.Type
    strUser = objItem.User
Next
 
Command1.Enabled = True

Open in new window

0
 

Author Comment

by:MERCOMMS
ID: 20328069
ltlbearand3: Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Security'")
Tried that already but did it again. Nothing is processed.

dimante:
Tried that.  The code inside the For Each loop is processed 1 time but all strings are empty

ltlbearand3:Entire code
Tried that.  The code inside the For Each loop is processed 1 time but all strings are empty
0
 
LVL 20

Accepted Solution

by:
ltlbearand3 earned 250 total points
ID: 20328309
Sorry Forgot one change.  Try this
  -Bear
Dim strCategory As String
Dim strCategoryString As String
Dim strComputerName As String
Dim strData As String
Dim strEventCode As String
Dim strEventIdentifier As String
Dim strInsertionStrings As String
Dim strLogfile As String
Dim strMessage As String
Dim strRecordNumber As String
Dim strSourceName As String
Dim strTimeGenerated As String
Dim strTimeWritten As String
Dim strType As String
Dim strUser As String
 
Command1.Enabled = False
 
On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
	& "{impersonationLevel=impersonate,(Security)}!\\" _
	& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent")
For Each objItem In colLoggedEvents
    strCategory = objItem.Category
    strCategoryString = objItem.CategoryString
    strComputerName = objItem.ComputerName
    strData = objItem.Data
    strEventCode = objItem.EventCode
    strEventIdentifier = objItem.EventIdentifier
    strInsertionStrings = objItem.InsertionStrings
    strLogfile = objItem.Logfile
    strMessage = objItem.Message
    strRecordNumber = objItem.RecordNumber
    strSourceName = objItem.SourceName
    strTimeGenerated = objItem.TimeGenerated
    strTimeWritten = objItem.TimeWritten
    strType = objItem.Type
    strUser = objItem.User
Next
 
Command1.Enabled = True

Open in new window

0

Featured Post

ScreenConnect 6.0 Free Trial

At ScreenConnect, partner feedback doesn't fall on deaf ears. We collected partner suggestions off of their virtual wish list and transformed them into one game-changing release: ScreenConnect 6.0. Explore all of the extras and enhancements for yourself!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever wanted to restrict the users input in a textbox to numbers, and while doing that make sure that they can't 'cheat' by pasting in non-numeric text? Of course you can do that with code you write yourself but it's tedious and error-prone …
This article describes some techniques which will make your VBA or Visual Basic Classic code easier to understand and maintain, whether by you, your replacement, or another Experts-Exchange expert.
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question