Solved

View WIndows Security Log

Posted on 2007-11-21
5
292 Views
Last Modified: 2010-04-30
Using code found here ( http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows/Q_20870132.html?sfQueryTermInfo=1+log+read+secur+vb) to view the Windows event log.  It will go through the Application and System Log just fine but I need it to look through the Security Log.  Is there a way to get this information as well?  Code below:

Dim strCategory As String
Dim strCategoryString As String
Dim strComputerName As String
Dim strData As String
Dim strEventCode As String
Dim strEventIdentifier As String
Dim strInsertionStrings As String
Dim strLogfile As String
Dim strMessage As String
Dim strRecordNumber As String
Dim strSourceName As String
Dim strTimeGenerated As String
Dim strTimeWritten As String
Dim strType As String
Dim strUser As String

Command1.Enabled = False

On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent", , 48)
For Each objItem In colItems
    strCategory = objItem.Category
    strCategoryString = objItem.CategoryString
    strComputerName = objItem.ComputerName
    strData = objItem.Data
    strEventCode = objItem.EventCode
    strEventIdentifier = objItem.EventIdentifier
    strInsertionStrings = objItem.InsertionStrings
    strLogfile = objItem.Logfile
    strMessage = objItem.Message
    strRecordNumber = objItem.RecordNumber
    strSourceName = objItem.SourceName
    strTimeGenerated = objItem.TimeGenerated
    strTimeWritten = objItem.TimeWritten
    strType = objItem.Type
    strUser = objItem.User
Next

Command1.Enabled = True

0
Comment
Question by:MERCOMMS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 20

Expert Comment

by:ltlbearand3
ID: 20327447
That should also grab the security log.

Try making this change temporarily and let us know the results:

Change
     Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent", , 48)

To
     Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Security'")
0
 
LVL 17

Expert Comment

by:John Gates,
ID: 20327475
You need to incorporate this:

' WMI Core Section
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" _
& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'Security'" )

And off you go ;-)
0
 
LVL 20

Expert Comment

by:ltlbearand3
ID: 20327692
Try this to get through all logs:

Dim strCategory As String
Dim strCategoryString As String
Dim strComputerName As String
Dim strData As String
Dim strEventCode As String
Dim strEventIdentifier As String
Dim strInsertionStrings As String
Dim strLogfile As String
Dim strMessage As String
Dim strRecordNumber As String
Dim strSourceName As String
Dim strTimeGenerated As String
Dim strTimeWritten As String
Dim strType As String
Dim strUser As String
 
Command1.Enabled = False
 
On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" _
& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
objWMIService("Select * from Win32_NTLogEvent")
For Each objItem In colItems
    strCategory = objItem.Category
    strCategoryString = objItem.CategoryString
    strComputerName = objItem.ComputerName
    strData = objItem.Data
    strEventCode = objItem.EventCode
    strEventIdentifier = objItem.EventIdentifier
    strInsertionStrings = objItem.InsertionStrings
    strLogfile = objItem.Logfile
    strMessage = objItem.Message
    strRecordNumber = objItem.RecordNumber
    strSourceName = objItem.SourceName
    strTimeGenerated = objItem.TimeGenerated
    strTimeWritten = objItem.TimeWritten
    strType = objItem.Type
    strUser = objItem.User
Next
 
Command1.Enabled = True

Open in new window

0
 

Author Comment

by:MERCOMMS
ID: 20328069
ltlbearand3: Set colItems = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Security'")
Tried that already but did it again. Nothing is processed.

dimante:
Tried that.  The code inside the For Each loop is processed 1 time but all strings are empty

ltlbearand3:Entire code
Tried that.  The code inside the For Each loop is processed 1 time but all strings are empty
0
 
LVL 20

Accepted Solution

by:
ltlbearand3 earned 250 total points
ID: 20328309
Sorry Forgot one change.  Try this
  -Bear
Dim strCategory As String
Dim strCategoryString As String
Dim strComputerName As String
Dim strData As String
Dim strEventCode As String
Dim strEventIdentifier As String
Dim strInsertionStrings As String
Dim strLogfile As String
Dim strMessage As String
Dim strRecordNumber As String
Dim strSourceName As String
Dim strTimeGenerated As String
Dim strTimeWritten As String
Dim strType As String
Dim strUser As String
 
Command1.Enabled = False
 
On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
	& "{impersonationLevel=impersonate,(Security)}!\\" _
	& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent")
For Each objItem In colLoggedEvents
    strCategory = objItem.Category
    strCategoryString = objItem.CategoryString
    strComputerName = objItem.ComputerName
    strData = objItem.Data
    strEventCode = objItem.EventCode
    strEventIdentifier = objItem.EventIdentifier
    strInsertionStrings = objItem.InsertionStrings
    strLogfile = objItem.Logfile
    strMessage = objItem.Message
    strRecordNumber = objItem.RecordNumber
    strSourceName = objItem.SourceName
    strTimeGenerated = objItem.TimeGenerated
    strTimeWritten = objItem.TimeWritten
    strType = objItem.Type
    strUser = objItem.User
Next
 
Command1.Enabled = True

Open in new window

0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL VB connection works in one PC and doesn't in another 15 80
Protecting vb6 & .Net code Obfuscation 18 217
MsgBox 4 76
VBA: copy range dynamically based on config sheet v2 3 61
Article by: Martin
Here are a few simple, working, games that you can use as-is or as the basis for your own games. Tic-Tac-Toe This is one of the simplest of all games.   The game allows for a choice of who goes first and keeps track of the number of wins for…
You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question