?
Solved

create a custom log to track deletes on windows server 2003

Posted on 2009-12-18
3
Medium Priority
?
513 Views
Last Modified: 2012-05-08
Hi all,

Is there a way to create a vbscript or something that I can run every half hour or so to track only specific events, create a log file and put it in a specified directory?

For example, I would like to generate a log file that tracks deletes of any folder in a specific directory and which user deleted it. The event viewer can be a bit kludgy to work with.
0
Comment
Question by:binovpd
3 Comments
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 26087874
If enabled object auditing, it will be collected in security eventlog.
As said, it can be a little bit hard to find stuff in event viewer...
Use a custom view with filter to only display interesting data or use command line tools like Log Parser or dumpel.exe to dump eventlogs or forward the logs through third party syslogagent to a syslog server for log monitoring.
With Log Parser, you can define a query with SQL/WQL-syntax to query for the interesting log records. It has a built-in template function making it possibly to create a HTML-file with the result for viewing.

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en
http://www.microsoft.com/downloads/details.aspx?FamilyID=c9c31b3d-c3a9-4a73-86a3-630a3c475c1a&displaylang=en
http://syslogserver.com/syslogagent.html
0
 
LVL 11

Accepted Solution

by:
bsharath earned 500 total points
ID: 26111637
here is a script that will email you when a even occurs
From
http://www.experts-exchange.com/Programming/Languages/Scripting/Q_22862306.html
I use this to track a particular even on my servers

'==============
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' you need to change here, for specific event logs you want to search. eg Application, Security etc
Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Logfile = 'Application' AND EventCode = '8226'")
MSG=""
For Each objEvent in colLoggedEvents
      MSG = MSG & vbCrLf & _
            "Category: " & objEvent.Category & vbCrLf & _
            "Computer: " & objEvent.ComputerName & vbCrLf & _
            "Event Type: " & objEvent.Type & VbCrLf & _
            "Username: " & objEvent.User & vbCrLf
Next 
Wscript.Echo MSG

Set objFSO = CreateObject("Scripting.FileSystemObject")

strMessageFile = Replace(WScript.ScriptFullName, WScript.ScriptName, "") & "MsgFile.txt"
strBlatPath = Replace(WScript.ScriptFullName, WScript.ScriptName, "") & "Blat.exe"
strRecipient = "someone@somewhere.com"
strSMTPServer = "SMTPServerName"

strBlatPath = objFSO.GetFile(strBlatPath).ShortPath
Set objOutputFile = objFSO.CreateTextFile(strMessageFile, True)
objOutputFile.Write MSG
objOutputFile.Close
Set objOutputFile = Nothing
strMessageFile = objFSO.GetFile(strMessageFile).ShortPath
strCommand = "cmd /c " & strBlatPath & " " & strMessageFile & " -to " & strRecipient & " -server " & strSMTPServer
Set objShell = CreateObject("WScript.Shell")
objShell.Run strCommand, 1, True
'==============

Open in new window

0
 

Author Closing Comment

by:binovpd
ID: 31674393
Sorry bfor the delay replying. this works well thank you.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

750 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question