Solved

Delphi Get Security Event Logs using FWMIService

Posted on 2014-03-09
7
766 Views
Last Modified: 2014-03-21
In Delphi Wish to read security event logs.

This type of code below works with other calls to the   FWMIService

I just can't get the basic function to work..
It Gives an IO Error 105

I have tried it on XP and Win 2008r2
I wish it to work on Advance Servers like 2008r2 and 2012


procedure  GetLogEvents3;
const
  wbemFlagForwardOnly = $00000020;
var
  FSWbemLocator : OLEVariant;
  FWMIService   : OLEVariant;
  FWbemObjectSet: OLEVariant;
  FWbemObject   : OLEVariant;
  oEnum         : IEnumvariant;
  iValue        : LongWord;
begin

  FSWbemLocator := CreateOleObject('WbemScripting.SWbemLocator');
  FWMIService   := FSWbemLocator.ConnectServer('localhost', 'root\CIMV2', '', '');
  FWMIService.Security_.ImpersonationLevel:=3; //Impersonate security
  FWbemObjectSet:= FWMIService.ExecQuery('SELECT EventrecordID FROM Win32_NTEventlogFile Where LogFileName="Security"','WQL',wbemFlagForwardOnly);
  oEnum         := IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
  while oEnum.Next(1, FWbemObject, iValue) = 0 do
  begin
    Form1.LogWin.Lines.add(Format('Rec id %s',[Integer(FWbemObject.EventrecordID)]));
    Form1.LogWin.Lines.add(Format('Address %s',[Integer(FWbemObject.IpAddress)]));
  end;
    FWbemObject:=Unassigned;
end;

Open in new window

0
Comment
Question by:yahoolane
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 27

Expert Comment

by:Sinisa Vuk
ID: 39916868
Which line throws error? (using debug or other method)
Is this came from:
http://theroadtodelphi.wordpress.com/2011/10/27/wmi-tasks-using-delphi-%E2%80%93-event-logs/?

Maybe your user level have no access (rights) to access security logs. (even if you do impersonate)
0
 
LVL 38

Expert Comment

by:Geert Gruwez
ID: 39916905
is wmi service running on the server
i know it's a very basic check ... :)
0
 
LVL 1

Author Comment

by:yahoolane
ID: 39925409
This is the Line that is giving the I/O error 105

FWbemObjectSet:= FWMIService.ExecQuery('SELECT EventrecordID FROM Win32_NTEventlogFile Where LogFileName="Security"','WQL',wbemFlagForwardOnly);

Open in new window


WMI is running because I can do the same code and ask for the OS and other settings
by just changing the line above.   I am running as administrator.

If this is not the answer to getting the security logs, without putting in a trap.
Please point me in the right direction.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 27

Expert Comment

by:Sinisa Vuk
ID: 39925704
if you put:
FWbemObjectSet:= FWMIService.ExecQuery('SELECT * FROM Win32_NTEventlogFile Where LogFileName="Security"','WQL',wbemFlagForwardOnly);                                           

Open in new window


.... is error still present?
0
 
LVL 1

Author Comment

by:yahoolane
ID: 39933213
I had tried the * earlier, with the same issue.

I understand SQL

it is just not working.
0
 
LVL 1

Accepted Solution

by:
yahoolane earned 0 total points
ID: 39933221
This is wonderful if it worked.
but not having any luck with WMI

Tried the JEDI  code

It at lease works but has some short comings.

JvNTEventLog  works for all servers

It data returns funny but it works.
0
 
LVL 1

Author Closing Comment

by:yahoolane
ID: 39944769
JEDI code worked for the problem I had

Examples would be nice.
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes relatively difficult and non-obvious issues that are likely to arise when creating COM class in Visual Studio and deploying it by professional MSI-authoring tools. It is assumed that the reader is already familiar with the cla…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month9 days, left to enroll

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question