Solved

Delphi Get Security Event Logs using FWMIService

Posted on 2014-03-09
Last Modified: 2014-03-21
In Delphi, I wish to read security event logs.

This type of code below works with other calls to the FWMIService.

I just can't get the basic function to work.
It gives an I/O error 105.

I have tried it on XP and Win 2008r2.
I wish it to work on Advanced Servers like 2008r2 and 2012.


procedure  GetLogEvents3;
const
  wbemFlagForwardOnly = $00000020;
var
  FSWbemLocator : OLEVariant;
  FWMIService   : OLEVariant;
  FWbemObjectSet: OLEVariant;
  FWbemObject   : OLEVariant;
  oEnum         : IEnumvariant;
  iValue        : LongWord;
begin

  FSWbemLocator := CreateOleObject('WbemScripting.SWbemLocator');
  FWMIService   := FSWbemLocator.ConnectServer('localhost', 'root\CIMV2', '', '');
  FWMIService.Security_.ImpersonationLevel:=3; //Impersonate security
  FWbemObjectSet:= FWMIService.ExecQuery('SELECT EventrecordID FROM Win32_NTEventlogFile Where LogFileName="Security"','WQL',wbemFlagForwardOnly);
  oEnum         := IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
  while oEnum.Next(1, FWbemObject, iValue) = 0 do
  begin
    Form1.LogWin.Lines.add(Format('Rec id %s',[Integer(FWbemObject.EventrecordID)]));
    Form1.LogWin.Lines.add(Format('Address %s',[Integer(FWbemObject.IpAddress)]));
  end;
    FWbemObject:=Unassigned;
end;

Question by:yahoolane

7 Comments

Expert Comment

by:Sinisa Vuk
ID: 39916868
Which line throws the error? (using debug or other method)
Did this come from:
http://theroadtodelphi.wordpress.com/2011/10/27/wmi-tasks-using-delphi-%E2%80%93-event-logs/?

Maybe your user level has no rights to access security logs (even if you do impersonate).

Expert Comment

by:Geert Gruwez
ID: 39916905
Is the WMI service running on the server?
I know it's a very basic check ... :)

Author Comment

by:yahoolane
ID: 39925409
This is the line that is giving the I/O error 105:

FWbemObjectSet:= FWMIService.ExecQuery('SELECT EventrecordID FROM Win32_NTEventlogFile Where LogFileName="Security"','WQL',wbemFlagForwardOnly);

WMI is running because I can do the same code and ask for the OS and other settings
by just changing the line above. I am running as administrator.

If this is not the answer to getting the security logs without putting in a trap,
please point me in the right direction.

Expert Comment

by:Sinisa Vuk
ID: 39925704
If you put:
FWbemObjectSet:= FWMIService.ExecQuery('SELECT * FROM Win32_NTEventlogFile Where LogFileName="Security"','WQL',wbemFlagForwardOnly);

.... is the error still present?

Author Comment

by:yahoolane
ID: 39933213
I had tried the * earlier, with the same issue.

I understand SQL.

It is just not working.

Accepted Solution

by:
yahoolane earned 0 total points
ID: 39933221
This would be wonderful if it worked,
but I am not having any luck with WMI.

Tried the JEDI code.

It at least works but has some shortcomings.

JvNTEventLog works for all servers.

Its data returns funny but it works.
0
 
LVL 1

Author Closing Comment

by:yahoolane
ID: 39944769
JEDI code worked for the problem I had

Examples would be nice.
0
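
Added example, not code posted by anyone in this thread: a WMI read of the Security log in Delphi. Individual event records are instances of Win32_NTLogEvent (Win32_NTEventlogFile describes the log file itself), and WMI returns Security log records only when the caller enables SeSecurityPrivilege. The program name, the procedure name ListSecurityEvents and the 20-record limit are illustrative, and the process is assumed to run elevated so that it holds the privilege.

```delphi
program ReadSecurityLogWmi;
{$APPTYPE CONSOLE}
uses SysUtils, ActiveX, ComObj, Variants;

// Illustrative example: prints up to MaxRecords records from the Security log.
procedure ListSecurityEvents(MaxRecords: Integer);
const
  wbemFlagForwardOnly = $00000020;
var
  Locator, Service, ResultSet, Item: OleVariant;
  Enum: IEnumVariant;
  Fetched: LongWord;
  Count: Integer;
begin
  Locator := CreateOleObject('WbemScripting.SWbemLocator');
  Service := Locator.ConnectServer('localhost', 'root\CIMV2', '', '');
  Service.Security_.ImpersonationLevel := 3; // impersonate
  // Without this privilege WMI does not return Security log records.
  Service.Security_.Privileges.AddAsString('SeSecurityPrivilege', True);
  // Query the event records (Win32_NTLogEvent), filtered by log name.
  ResultSet := Service.ExecQuery(
    'SELECT RecordNumber, EventCode, SourceName, TimeGenerated ' +
    'FROM Win32_NTLogEvent WHERE Logfile = "Security"', 'WQL', wbemFlagForwardOnly);
  Enum := IUnknown(ResultSet._NewEnum) as IEnumVariant;
  Count := 0;
  while (Count < MaxRecords) and (Enum.Next(1, Item, Fetched) = 0) do
  begin
    Writeln(Format('Record %d  EventCode %d  Source %s  Time %s',
      [Integer(Item.RecordNumber), Integer(Item.EventCode),
       VarToStr(Item.SourceName), VarToStr(Item.TimeGenerated)]));
    Item := Unassigned; // release each object before fetching the next
    Inc(Count);
  end;
end;

begin
  CoInitialize(nil);
  try
    try
      ListSecurityEvents(20);
    except
      // COM/WMI failures surface as EOleException; report class and message.
      on E: Exception do
        Writeln(E.ClassName, ': ', E.Message);
    end;
  finally
    CoUninitialize;
  end;
end.
```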
