Solved

View WIndows Security Log

Posted on 2007-11-21
5
291 Views
Last Modified: 2010-04-30
Using code found here ( http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows/Q_20870132.html?sfQueryTermInfo=1+log+read+secur+vb) to view the Windows event log.  It will go through the Application and System Log just fine but I need it to look through the Security Log.  Is there a way to get this information as well?  Code below:

Dim strCategory As String
Dim strCategoryString As String
Dim strComputerName As String
Dim strData As String
Dim strEventCode As String
Dim strEventIdentifier As String
Dim strInsertionStrings As String
Dim strLogfile As String
Dim strMessage As String
Dim strRecordNumber As String
Dim strSourceName As String
Dim strTimeGenerated As String
Dim strTimeWritten As String
Dim strType As String
Dim strUser As String

Command1.Enabled = False

On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent", , 48)
For Each objItem In colItems
    strCategory = objItem.Category
    strCategoryString = objItem.CategoryString
    strComputerName = objItem.ComputerName
    strData = objItem.Data
    strEventCode = objItem.EventCode
    strEventIdentifier = objItem.EventIdentifier
    strInsertionStrings = objItem.InsertionStrings
    strLogfile = objItem.Logfile
    strMessage = objItem.Message
    strRecordNumber = objItem.RecordNumber
    strSourceName = objItem.SourceName
    strTimeGenerated = objItem.TimeGenerated
    strTimeWritten = objItem.TimeWritten
    strType = objItem.Type
    strUser = objItem.User
Next

Command1.Enabled = True

0
Comment
Question by:MERCOMMS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 20

Expert Comment

by:ltlbearand3
ID: 20327447
That should also grab the security log.

Try making this change temporarily and let us know the results:

Change
     Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent", , 48)

To
     Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Security'")
0
 
LVL 17

Expert Comment

by:John Gates
ID: 20327475
You need to incorporate this:

' WMI Core Section
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" _
& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'Security'" )

And off you go ;-)
0
 
LVL 20

Expert Comment

by:ltlbearand3
ID: 20327692
Try this to get through all logs:

Dim strCategory As String
Dim strCategoryString As String
Dim strComputerName As String
Dim strData As String
Dim strEventCode As String
Dim strEventIdentifier As String
Dim strInsertionStrings As String
Dim strLogfile As String
Dim strMessage As String
Dim strRecordNumber As String
Dim strSourceName As String
Dim strTimeGenerated As String
Dim strTimeWritten As String
Dim strType As String
Dim strUser As String
 
Command1.Enabled = False
 
On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" _
& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
objWMIService("Select * from Win32_NTLogEvent")
For Each objItem In colItems
    strCategory = objItem.Category
    strCategoryString = objItem.CategoryString
    strComputerName = objItem.ComputerName
    strData = objItem.Data
    strEventCode = objItem.EventCode
    strEventIdentifier = objItem.EventIdentifier
    strInsertionStrings = objItem.InsertionStrings
    strLogfile = objItem.Logfile
    strMessage = objItem.Message
    strRecordNumber = objItem.RecordNumber
    strSourceName = objItem.SourceName
    strTimeGenerated = objItem.TimeGenerated
    strTimeWritten = objItem.TimeWritten
    strType = objItem.Type
    strUser = objItem.User
Next
 
Command1.Enabled = True

Open in new window

0
 

Author Comment

by:MERCOMMS
ID: 20328069
ltlbearand3: Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Security'")
Tried that already but did it again. Nothing is processed.

dimante:
Tried that.  The code inside the For Each loop is processed 1 time but all strings are empty

ltlbearand3:Entire code
Tried that.  The code inside the For Each loop is processed 1 time but all strings are empty
0
 
LVL 20

Accepted Solution

by:
ltlbearand3 earned 250 total points
ID: 20328309
Sorry Forgot one change.  Try this
  -Bear
Dim strCategory As String
Dim strCategoryString As String
Dim strComputerName As String
Dim strData As String
Dim strEventCode As String
Dim strEventIdentifier As String
Dim strInsertionStrings As String
Dim strLogfile As String
Dim strMessage As String
Dim strRecordNumber As String
Dim strSourceName As String
Dim strTimeGenerated As String
Dim strTimeWritten As String
Dim strType As String
Dim strUser As String
 
Command1.Enabled = False
 
On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
	& "{impersonationLevel=impersonate,(Security)}!\\" _
	& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent")
For Each objItem In colLoggedEvents
    strCategory = objItem.Category
    strCategoryString = objItem.CategoryString
    strComputerName = objItem.ComputerName
    strData = objItem.Data
    strEventCode = objItem.EventCode
    strEventIdentifier = objItem.EventIdentifier
    strInsertionStrings = objItem.InsertionStrings
    strLogfile = objItem.Logfile
    strMessage = objItem.Message
    strRecordNumber = objItem.RecordNumber
    strSourceName = objItem.SourceName
    strTimeGenerated = objItem.TimeGenerated
    strTimeWritten = objItem.TimeWritten
    strType = objItem.Type
    strUser = objItem.User
Next
 
Command1.Enabled = True

Open in new window

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VB6 Compile Compatibility Issue 4 121
VBA filters 2 70
Search combo error "Data Type Mismatch in Criteria Expression" 2 81
Problem to line 23 74
Introduction While answering a recent question (http://www.experts-exchange.com/Q_27402310.html) in the VB classic zone, I wrote some VB code in the (Office) VBA environment, rather than fire up my older PC.  I didn't post completely correct code o…
Article by: Martin
Here are a few simple, working, games that you can use as-is or as the basis for your own games. Tic-Tac-Toe This is one of the simplest of all games.   The game allows for a choice of who goes first and keeps track of the number of wins for…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question