Solved

auto query windows security log for specific event id

Posted on 2010-08-24
Last Modified: 2012-05-10
hi

I have been running with powershell for a fair while now, so my vbscript is a little rusty..!
I am wanting to schedule a job to run on a legacy exchange 2003 server and export 1009 events from the security log.

I am auditing the legacy infrastructure to ensure recently migrated users are not accessing their old mailboxes by mistake - these will of course be closed shortly but for a week or so I would like to audit.

I am running dumpeventlog.vbs but I would like something that I can auto-schedule to specifically export 1009 events from the security log only...

I am not able to install anything in the legacy environment and powershell is a no-go.

Any help pointers much appreciated...

Cheers
Bry
0
Question by:BryanOakley
 

Author Comment

by:BryanOakley
ID: 33510580
sorry, I meant from the application log as this is where exchange logons audits are written to :-)
0
 
LVL 26

Expert Comment

by:pony10us
ID: 33511785
you could take a look at using WMI:    http://www.computerperformance.co.uk/vbscript/wmi_event_log.htm
0
 
LVL 5

Accepted Solution

by:
MaxSoullard earned 500 total points
ID: 33512054
try this vb

Just instantiate the strTxtFile variable with the path for a result file. I recommend a CSV extension
' Query the local computer's Application log for event 1009 through WMI
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent Where Logfile = 'Application' and " & "EventCode = '1009'")

' CSV header; the column names match the fields written in the loop below
strResult = "Category,Computer Name,Event Code,Message,Record Number,Source Name,Time Written,Type,User" & VbCrLf
For Each objEvent in colLoggedEvents
    ' Quote the message and double any embedded quotes so commas inside it do not split the column
    strMessage = """" & Replace(Replace("" & objEvent.Message, VbCrLf, ""), """", """""") & """"
    strResult = strResult & objEvent.Category & "," & objEvent.ComputerName & "," & objEvent.EventCode & "," & strMessage & "," & objEvent.RecordNumber & "," & objEvent.SourceName & "," & objEvent.TimeWritten & "," & objEvent.Type & "," & objEvent.User & VbCrLf
Next

Const ForReading = 1
Const ForWriting = 2

' Path of the result file (overwritten on every run)
strTxtFile = "RESULTS TEXT FILE PATH"

' Write the collected rows, creating the file if it does not exist
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strTxtFile, ForWriting, True)
objFile.Write(strResult)
objFile.Close

0
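An added example, not part of the accepted answer or the thread: a variant for the scheduled-job case in the question that restricts the WMI query to the last 24 hours through TimeWritten and appends to a single CSV, so a daily run does not re-export the whole log. The output path and the 24-hour window are assumptions, and it assumes a Windows Server 2003 host where the WbemScripting.SWbemDateTime object is available.

```vbscript
' Added example (not from the thread): export only the last 24 hours of
' event 1009 from the Application log and append the rows to one CSV.
Option Explicit
Const ForAppending = 8
Dim strComputer, strCsvFile, dtmSince, objWMIService, colEvents
Dim objEvent, objFSO, objFile, blnNew

strComputer = "."
strCsvFile = "C:\Audit\events-1009.csv"   ' hypothetical path, adjust as needed

' WMI compares TimeWritten against a CIM DATETIME string; SWbemDateTime
' builds one from a VBScript date (True = the value is local time).
Set dtmSince = CreateObject("WbemScripting.SWbemDateTime")
dtmSince.SetVarDate DateAdd("h", -24, Now()), True   ' assumed 24-hour window

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery( _
    "Select * from Win32_NTLogEvent Where Logfile = 'Application'" & _
    " and EventCode = 1009 and TimeWritten >= '" & dtmSince.Value & "'")

' Write the header only when the file is created for the first time
Set objFSO = CreateObject("Scripting.FileSystemObject")
blnNew = Not objFSO.FileExists(strCsvFile)
Set objFile = objFSO.OpenTextFile(strCsvFile, ForAppending, True)
If blnNew Then objFile.WriteLine "Record Number,Time Written,Computer Name,Source Name,User,Message"

For Each objEvent In colEvents
    objFile.WriteLine objEvent.RecordNumber & "," & _
        objEvent.TimeWritten & "," & _
        Csv(objEvent.ComputerName) & "," & _
        Csv(objEvent.SourceName) & "," & _
        Csv(objEvent.User) & "," & _
        Csv(objEvent.Message)
Next
objFile.Close

' Quote a field for CSV: flatten line breaks and double embedded quotes.
' User and Message can be Null, so concatenate with "" before Replace.
Function Csv(varValue)
    Dim strValue
    strValue = Replace("" & varValue, VbCrLf, " ")
    Csv = """" & Replace(strValue, """", """""") & """"
End Function
```

Run it from a scheduled task with cscript //nologo; if runs overlap the 24-hour window, the Record Number column identifies duplicate rows.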
 

Author Closing Comment

by:BryanOakley
ID: 33512780
hi MaxSoullard

perfect..! thanks so much. That's blown a few cobwebs off...

@pony10us: appreciate your input.

Cheers
Bry
0
