Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 842
  • Last Modified:

Delphi Get Security Event Logs using FWMIService

In Delphi Wish to read security event logs.

This type of code below works with other calls to the   FWMIService

I just can't get the basic function to work..
It Gives an IO Error 105

I have tried it on XP and Win 2008r2
I wish it to work on Advance Servers like 2008r2 and 2012


procedure  GetLogEvents3;
const
  wbemFlagForwardOnly = $00000020;
var
  FSWbemLocator : OLEVariant;
  FWMIService   : OLEVariant;
  FWbemObjectSet: OLEVariant;
  FWbemObject   : OLEVariant;
  oEnum         : IEnumvariant;
  iValue        : LongWord;
begin

  FSWbemLocator := CreateOleObject('WbemScripting.SWbemLocator');
  FWMIService   := FSWbemLocator.ConnectServer('localhost', 'root\CIMV2', '', '');
  FWMIService.Security_.ImpersonationLevel:=3; //Impersonate security
  FWbemObjectSet:= FWMIService.ExecQuery('SELECT EventrecordID FROM Win32_NTEventlogFile Where LogFileName="Security"','WQL',wbemFlagForwardOnly);
  oEnum         := IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
  while oEnum.Next(1, FWbemObject, iValue) = 0 do
  begin
    Form1.LogWin.Lines.add(Format('Rec id %s',[Integer(FWbemObject.EventrecordID)]));
    Form1.LogWin.Lines.add(Format('Address %s',[Integer(FWbemObject.IpAddress)]));
  end;
    FWbemObject:=Unassigned;
end;

Open in new window

0
yahoolane
Asked:
yahoolane
  • 4
  • 2
1 Solution
 
Sinisa VukCommented:
Which line throws error? (using debug or other method)
Is this came from:
http://theroadtodelphi.wordpress.com/2011/10/27/wmi-tasks-using-delphi-%E2%80%93-event-logs/?

Maybe your user level have no access (rights) to access security logs. (even if you do impersonate)
0
 
Geert GruwezOracle dbaCommented:
is wmi service running on the server
i know it's a very basic check ... :)
0
 
yahoolaneAuthor Commented:
This is the Line that is giving the I/O error 105

FWbemObjectSet:= FWMIService.ExecQuery('SELECT EventrecordID FROM Win32_NTEventlogFile Where LogFileName="Security"','WQL',wbemFlagForwardOnly);

Open in new window


WMI is running because I can do the same code and ask for the OS and other settings
by just changing the line above.   I am running as administrator.

If this is not the answer to getting the security logs, without putting in a trap.
Please point me in the right direction.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
Sinisa VukCommented:
if you put:
FWbemObjectSet:= FWMIService.ExecQuery('SELECT * FROM Win32_NTEventlogFile Where LogFileName="Security"','WQL',wbemFlagForwardOnly);                                           

Open in new window


.... is error still present?
0
 
yahoolaneAuthor Commented:
I had tried the * earlier, with the same issue.

I understand SQL

it is just not working.
0
 
yahoolaneAuthor Commented:
This is wonderful if it worked.
but not having any luck with WMI

Tried the JEDI  code

It at lease works but has some short comings.

JvNTEventLog  works for all servers

It data returns funny but it works.
0
 
yahoolaneAuthor Commented:
JEDI code worked for the problem I had

Examples would be nice.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now