ITtelligent
asked on
Query Security Log with VBScript
I'd like to get a VBScript to query the Windows security log at regular intervals and notify me of the number of failed log in attempts in the past 10-30 minutes.
I have a VBScript script that queries through WMI and works on a basic level, but it is extremely slow (60+ seconds). (You can see the query below.) The slowness problem may be that it grabs all of the events queried, but try as I might, I cannot find/figure out the correct syntax for querying just the time I want (see the second code snippet for one of my attempts). I've tried all sorts of different date formats. Is it even possible to query via date?
Is there a secondary approach I can take to getting the same data with a quicker method? i.e. using something other than WMI?
"Select * From Win32_NTLogEvent Where EventType <> 0 AND EventType <> 2 AND EventType <> 3 AND EventType <> 4 AND EventIdentifier = 529"
"Select * From Win32_NTLogEvent Where EventType <> 0 AND EventType <> 2 AND EventType <> 3 AND EventType <> 4 AND EventIdentifier = 529 AND TimeGenerated > 20090525155200.000000-000 "
ASKER
I googled for an hour looking for how to get the format correct - that link would have been perfect!
Your above code works great, with the exception that the EventType turns out to be 5 in my case, not 1.
Thanks for the help!
Ha ha, no problem! Thanks for the grade. I only knew where to look for that article because I knew the Scripting Guys have done a bit of Event Log code... check the archives there too for some more samples.
Regards,
Rob.
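An added example, not code from this thread or from the accepted solution (which is not shown on the page): a time-bounded version of the question's query that builds the WQL datetime with SWbemDateTime and counts failed logons per user. The 30-minute window, the `Logfile = 'Security'` filter and the per-user tally are assumptions of this example; event ID 529 and EventType 5 come from the thread.

```vbscript
Option Explicit

Const WINDOW_MINUTES = 30   ' assumption: look-back window, upper end of the 10-30 minutes asked for
Const EVENT_ID = 529        ' failed-logon event ID used in the thread's queries
Const AUDIT_FAILURE = 5     ' EventType the asker reported for these events
Const FLAGS = 48            ' wbemFlagReturnImmediately (16) + wbemFlagForwardOnly (32)

Dim since, wmi, query, evt, total, perUser, user, key

' SWbemDateTime turns a VBScript date into the DMTF string WQL expects
' (yyyymmddHHMMSS.ffffff+UUU, where UUU is the UTC offset in minutes).
Set since = CreateObject("WbemScripting.SWbemDateTime")
since.SetVarDate DateAdd("n", -WINDOW_MINUTES, Now()), True   ' True = the value is local time

' The (Security) privilege is needed to read the Security log through WMI.
Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2")

' Naming the log keeps WMI from scanning every event log on the machine,
' and the DMTF value has to be passed as a quoted string.
query = "SELECT TimeGenerated, InsertionStrings FROM Win32_NTLogEvent" & _
        " WHERE Logfile = 'Security'" & _
        " AND EventIdentifier = " & EVENT_ID & _
        " AND EventType = " & AUDIT_FAILURE & _
        " AND TimeGenerated >= '" & since.Value & "'"

Set perUser = CreateObject("Scripting.Dictionary")
perUser.CompareMode = vbTextCompare
total = 0

' A forward-only result set has no usable Count, so tally while iterating.
For Each evt In wmi.ExecQuery(query, "WQL", FLAGS)
    total = total + 1
    user = "(unknown)"
    ' Assumption: the first insertion string of event 529 is the user name.
    If IsArray(evt.InsertionStrings) Then
        If UBound(evt.InsertionStrings) >= 0 Then user = evt.InsertionStrings(0)
    End If
    perUser(user) = perUser(user) + 1
Next

WScript.Echo total & " failed logons (event " & EVENT_ID & ") since " & since.GetVarDate(True)
For Each key In perUser.Keys
    WScript.Echo "  " & key & ": " & perUser(key)
Next
```

Run it with `cscript` from an account allowed to read the Security log. Event 529 is the failed-logon ID on Windows XP and Server 2003; Windows Vista and later record failed logons as event 4625, so `EVENT_ID` has to match the operating system being monitored.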