Solved

auto query windows security log for specific event id

Posted on 2010-08-24
4
689 Views
Last Modified: 2012-05-10
hi

I have been running with powershell for a fair while now, so my vbscript is a little rusty..!
I am wanting to schedule a job to run on a legacy exchange 2003 server and export 1009 events from the security log.

I am auditing the legacy infrastructure to ensure recently migrated users are not accessing their old mailboxes by mistake - these will of course be closed shortly but for a week or so I would like to audit.

I am running dumpeventlog.vbs but I would like something that I can auto-schedule to specifically export 1009 events from the security log only...

I am not able to install anything in the legacy environment and powershell is a no-go.

Any help pointers much appreciated...

Cheers
Bry
0
Comment
Question by:BryanOakley
  • 2
4 Comments
 

Author Comment

by:BryanOakley
ID: 33510580
sorry, I meant from the appluication log as this is where exchange logons audits are written to :-)
0
 
LVL 26

Expert Comment

by:pony10us
ID: 33511785
you could take a look at using WMI:    http://www.computerperformance.co.uk/vbscript/wmi_event_log.htm
0
 
LVL 5

Accepted Solution

by:
MaxSoullard earned 500 total points
ID: 33512054
try this vb

Just instantiate the strTxtFile variable with the path for a result file. I recoment with a CSV extension
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent Where Logfile = 'Application' and " & "EventCode = '1009'")

strResult = "Category,Computer Name,Event Code,Message,Record Number,Source Name,Time Written,Event Time,User" & VbCrLf
For Each objEvent in colLoggedEvents
strResult = strResult & objEvent.Category & "," & objEvent.ComputerName & "," & objEvent.EventCode & "," & Replace(objEvent.Message,VbCrLf,"") & "," & objEvent.RecordNumber & "," & objEvent.SourceName & "," & objEvent.TimeWritten & "," & objEvent.Type  & "," & objEvent.User & VbCrLf

Next


Const ForReading = 1
Const ForWriting = 2

strTxtFile = "RESULTS TEXT FILE PATH"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strTxtFile, ForWriting,true)
objFile.Write(strResult)
objFile.Close

Open in new window

0
 

Author Closing Comment

by:BryanOakley
ID: 33512780
hi MaxSoullad

perfect..! thanks so much. That's blew a few cob-webs off...

@pony10us: appreciate your input.

Cheers
Bry
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
JSON is being used more and more, besides XML, and you surely wanted to parse the data out into SQL instead of doing it in some Javascript. The below function in SQL Server can do the job for you, returning a quick table with the parsed data.
Using examples as well as descriptions, and references to Books Online, show the documentation available for date manipulation functions and by using a select few of these functions, show how date based data can be manipulated with these functions.
Via a live example, show how to backup a database, simulate a failure backup the tail of the database transaction log and perform the restore.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question