I'd like to get a vbscript to query the Windows security log at regular intervals and notify me of the number of failed log in attempts in the past 10-30 minutes.
I have a VBScript script queries through WMI that works on a basic level, but it is extremely slow (60+ seconds). (you can see the query there below). The slowness problem maybe that it grabs all of the events queried, but try as I might, I cannot find/figure out the correct sytnax for querying just the time I want. (see second code snippit for one of my attempts) I've tried all sorts of diferent date formats. Is it even possible to query via date?
Is there a secondary approach I can take to getting the same data with a quicker method? i.e. using something other than WMI?
"Select * From Win32_NTLogEvent Where EventType <> 0 AND EventType <> 2 AND EventType <> 3 AND EventType <> 4 AND EventIdentifier = 529"
"Select * From Win32_NTLogEvent Where EventType <> 0 AND EventType <> 2 AND EventType <> 3 AND EventType <> 4 AND EventIdentifier = 529 AND TimeGenerated > 20090525155200.000000-000 "