Showing results for tags 'eventlog'.
Found 5 results

  1. Greetings! I was exploring when I saw the below URL, which reads the event logs of a specific type (Application, Security, System, etc.). So, I need to read a specific event ID instead of the type of event, i.e. I need to read event ID 1074, which lands under the Security type. Any assistance will be appreciated. Happy new year in advance!!
  2. Hello, I'm working on a script that writes detailed application event logs, and I'd like to know if there is a way with AutoIt to write multiple lines of XML EventData (see example below):

     <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
       <System>
         <Provider Name="Application" />
         <EventID Qualifiers="0">1001</EventID>
         <Level>4</Level>
         <Task>0</Task>
         <Keywords>0x80000000000000</Keywords>
         <TimeCreated SystemTime="2015-07-12T21:26:07.000000000Z" />
         <EventRecordID>86554</EventRecordID>
         <Channel>Application</Channel>
         <Computer>YOUR_COMPUTER</Computer>
         <Security />
       </System>
       <EventData>
         <Data>DeskTop Agent: Mike</Data>
         <Data>Observer Username: Miguel</Data>
         etc...
       </EventData>
     </Event>

     So far, using EventCreate, everything I send ends up in a single <Data> entry (see below):

     <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
       <System>
         <Provider Name="Application" />
         <EventID Qualifiers="0">1001</EventID>
         <Level>4</Level>
         <Task>0</Task>
         <Keywords>0x80000000000000</Keywords>
         <TimeCreated SystemTime="2015-07-12T21:26:07.000000000Z" />
         <EventRecordID>86554</EventRecordID>
         <Channel>Application</Channel>
         <Computer>YOUR_COMPUTER</Computer>
         <Security />
       </System>
       <EventData>
         <Data>DeskTop Agent: Mike Observer Username: Miguel</Data>
       </EventData>
     </Event>

     Here is the code I'm using thus far (which does not work the way I'd like):

     ; Build one multi-line description string, then hand it to eventcreate.exe
     $LogData = @CRLF & "DeskTop Agent: " & @UserName & @CRLF & "Observer Username: " & $DTObserver & @CRLF & _
                "File name/s with extension: " & $FilenameWextension & @CRLF & "Action Performed: " & $ActionPerformed & @CRLF & _
                "Explanation: " & $Explanation & @CRLF & "Machine Name: " & @ComputerName & @CRLF & "IP Address: " & @IPAddress1 & @CRLF & _
                "App1Installed: " & $App1 & @CRLF & "App2Installed: " & $App2
     Run("eventcreate /T Information /ID 100 /L Application /SO DTALog /D " & Chr(34) & "DTALog Details: " & $LogData & Chr(34), "", @SW_HIDE, 2)

     I found a Stackoverflow post that talks about doing it in C# (https://stackoverflow.com/questions/7694276/how-to-add-multiple-lines-of-eventdata-to-an-eventlog-in-windows), but I'd like to determine if it can be accomplished with AutoIt! Thanks for your time, -Mike
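The separate <Data> elements the post asks for come from the .NET System.Diagnostics.EventLog API, which emits one <Data> element per value handed to WriteEvent, whereas eventcreate.exe only ever fills a single one. The block below is an added example written for this page in PowerShell, not Mike's code and not AutoIt; it assumes the source name DTALog and event ID 100 from the post, that the session is elevated the first time the source is registered, and that the sample field values are constructed.

```powershell
# Added example (not from the forum post): write one Application-log event
# whose EventData carries several separate <Data> elements, via the .NET
# System.Diagnostics.EventLog API rather than eventcreate.exe.
# Assumptions: source 'DTALog' and event ID 100 come from the post; the
# sample field values are constructed; registering a new source needs an
# elevated session the first time.

function Write-MultiDataEvent {
    param(
        [Parameter(Mandatory)] [string]   $Source,
        [Parameter(Mandatory)] [int]      $EventId,
        [Parameter(Mandatory)] [string[]] $DataItems,
        [string] $LogName = 'Application'
    )

    # A source is registered once (administrator rights); afterwards any
    # account allowed to write the Application log can use it.
    if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
        New-EventLog -LogName $LogName -Source $Source
    }

    $log = New-Object System.Diagnostics.EventLog -ArgumentList $LogName
    $log.Source = $Source

    # EventInstance(instanceId, categoryId, entryType); category 0 = none.
    $instance = New-Object System.Diagnostics.EventInstance -ArgumentList `
        $EventId, 0, [System.Diagnostics.EventLogEntryType]::Information

    # Every element of the values array becomes its own <Data> element under
    # <EventData>, which is exactly what eventcreate.exe cannot do.
    $log.WriteEvent($instance, [object[]]$DataItems)
}

# Constructed sample fields mirroring the post's layout.
$items = @(
    "DeskTop Agent: $env:USERNAME",
    'Observer Username: Miguel',
    "Machine Name: $env:COMPUTERNAME",
    'Action Performed: file copied'
)
Write-MultiDataEvent -Source 'DTALog' -EventId 100 -DataItems $items

# Read the record back and list the separate <Data> nodes.
$evt = Get-WinEvent -MaxEvents 1 -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'DTALog'; Id = 100
}
([xml]$evt.ToXml()).Event.EventData.Data
```

From an AutoIt script this can be launched the same way post 4 below launches PowerShell, with Run("powershell -File write-event.ps1"), since AutoIt has no direct .NET binding. Because DTALog has no message file registered, Event Viewer shows a "description not found" banner for the event, but the <Data> elements are intact and are what a collector or SIEM parser reads.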
  3. Hello guys, I analyzed the script that you find below, and I plan to add more information to the ListView, such as:
     - Username login
     - Now the computer power
     Do you think you can take this information and show it in the table?

     #include <Array.au3>
     #include <WindowsConstants.au3>
     #include <GUIConstantsEx.au3>
     #include <GuiListView.au3>

     Dim $aBrowdcast[4]
     $aBrowdcast[0] = @IPAddress1
     $aBrowdcast[1] = @IPAddress2
     $aBrowdcast[2] = @IPAddress3
     $aBrowdcast[3] = @IPAddress4
     $filemaclist = "MACLIST.DAT"
     Dim $MACAddressList[1]
     $MACAddressList[0] = "08000e42faa7"

     ; ===================================================================
     ; Gui
     ;
     ; ===================================================================
     $mainwindow = GUICreate("WOLLE", 450, 300)
     $mwbtnExit = GUICtrlCreateButton("Exit", 350, 150, 100)
     $mwbtnGetMac = GUICtrlCreateButton("Get Mac adresses", 10, 150, 100)
     $mwbtnWakeupall = GUICtrlCreateButton("Wake up all in list", 130, 150, 100)
     $mwbtnWakeupSelected = GUICtrlCreateButton("Wake up selected", 240, 150, 100)
     $mwlblIpRange = GUICtrlCreateLabel("Enter Start and End IP for search, will only search for last segment, sorry....", 10, 115, 200, 30)
     $mvinpIpStart = GUICtrlCreateInput("192.168.0.1", 250, 120, 100, 15)
     $mvinpIpStop = GUICtrlCreateInput("192.168.0.10", 350, 120, 100, 15)
     $mvinpWakeupTimeHH = GUICtrlCreateCombo("0", 10, 220, 40)
     $mvinpWakeupTimeMM = GUICtrlCreateCombo("00", 50, 220, 40)
     $mvinpWakeupTimeSS = GUICtrlCreateCombo("00", 90, 220, 40)
     FillTimeCombos()
     $mwbtnActivateTimer = GUICtrlCreateButton("Activate Timer", 290, 220, 120)
     $mwbtnSetTimertoNow = GUICtrlCreateButton("Set Timer to now", 160, 220, 120)
     $mwbtnReadMacListFile = GUICtrlCreateButton("MACLIST.DAT", 260, 50, 120)
     $mwlvMacadresses = GUICtrlCreateListView("MacAdresses |IP ", 10, 10, 250, 100)
     $mwlblStatus = GUICtrlCreateLabel("Status:", 10, 180, 400)
     readmacfile()
     setTimertoNow()
     $boolTimerActive = 0
     GUISetState(@SW_SHOW)

     While 1
         $msg = GUIGetMsg()
         Select
             Case $msg = $GUI_EVENT_CLOSE
                 ExitLoop
             Case $msg = $mwbtnExit
                 ExitLoop
             Case $msg = $mwbtnWakeupall
                 wol_all()
             Case $msg = $mwbtnGetMac
                 getmacinrange()
             Case $msg = $mwbtnWakeupSelected
                 wol_selected()
             Case $msg = $mwbtnReadMacListFile
                 readmacfile()
             Case $msg = $mwbtnActivateTimer
                 If $boolTimerActive = 1 Then
                     TimerDisable(0)
                 Else
                     TimerDisable(1)
                 EndIf
             Case $msg = $mwbtnSetTimertoNow
                 setTimertoNow()
         EndSelect
         If $boolTimerActive = 1 Then
             CheckWakeup()
             Sleep(100)
         EndIf
     WEnd
     GUIDelete()
     Exit

     ; ===================================================================
     ; Function: setTimertoNow
     ; sets the three time controls to the current time
     ; ===================================================================
     Func setTimertoNow()
         GUICtrlSetData($mvinpWakeupTimeHH, @HOUR)
         GUICtrlSetData($mvinpWakeupTimeMM, @MIN)
         GUICtrlSetData($mvinpWakeupTimeSS, @SEC)
     EndFunc

     ; ===================================================================
     ; Function: TimerDisable
     ; Toggle for the Timer button
     ; ===================================================================
     Func TimerDisable($TimerState)
         $boolTimerActive = $TimerState
         If $TimerState = "0" Then
             GUICtrlSetState($mwbtnExit, $GUI_ENABLE)
             GUICtrlSetState($mwbtnGetMac, $GUI_ENABLE)
             GUICtrlSetState($mwbtnWakeupall, $GUI_ENABLE)
             GUICtrlSetState($mwbtnWakeupSelected, $GUI_ENABLE)
             GUICtrlSetState($mvinpIpStart, $GUI_ENABLE)
             GUICtrlSetState($mvinpIpStop, $GUI_ENABLE)
             GUICtrlSetState($mvinpWakeupTimeHH, $GUI_ENABLE)
             GUICtrlSetState($mvinpWakeupTimeMM, $GUI_ENABLE)
             GUICtrlSetState($mvinpWakeupTimeSS, $GUI_ENABLE)
             GUICtrlSetState($mwbtnReadMacListFile, $GUI_ENABLE)
             GUICtrlSetState($mwbtnSetTimertoNow, $GUI_ENABLE)
             GUICtrlSetData($mwbtnActivateTimer, " Activate Timer")
             setStatusMsg("Timer deactivated")
         Else
             GUICtrlSetState($mwbtnExit, $GUI_DISABLE)
             GUICtrlSetState($mwbtnGetMac, $GUI_DISABLE)
             GUICtrlSetState($mwbtnWakeupall, $GUI_DISABLE)
             GUICtrlSetState($mwbtnWakeupSelected, $GUI_DISABLE)
             GUICtrlSetState($mvinpIpStart, $GUI_DISABLE)
             GUICtrlSetState($mvinpIpStop, $GUI_DISABLE)
             GUICtrlSetState($mvinpWakeupTimeHH, $GUI_DISABLE)
             GUICtrlSetState($mvinpWakeupTimeMM, $GUI_DISABLE)
             GUICtrlSetState($mvinpWakeupTimeSS, $GUI_DISABLE)
             GUICtrlSetState($mwbtnReadMacListFile, $GUI_DISABLE)
             GUICtrlSetState($mwbtnSetTimertoNow, $GUI_DISABLE)
             GUICtrlSetData($mwbtnActivateTimer, " De-Activate Timer")
         EndIf
     EndFunc

     ; ===================================================================
     ; Function: CheckWakeup
     ; critical: only an exactly equal time will trigger (needs something better, like a small range)
     ; ===================================================================
     Func CheckWakeup()
         $strWakeupTime = GUICtrlRead($mvinpWakeupTimeHH) & GUICtrlRead($mvinpWakeupTimeMM) & GUICtrlRead($mvinpWakeupTimeSS)
         $strNow = @HOUR & @MIN & @SEC
         setStatusMsg("Current time:" & @HOUR & ":" & @MIN & ":" & @SEC)
         If $strNow = $strWakeupTime Then
             SoundPlay(@WindowsDir & "\media\tada.wav", 0)
             wol_all()
         EndIf
     EndFunc

     ; ===================================================================
     ; Function: FillTimeCombos
     ; filling the controls with data
     ; ===================================================================
     Func FillTimeCombos()
         For $i = 1 To 23
             GUICtrlSetData($mvinpWakeupTimeHH, $i)
         Next
         For $i = 1 To 59
             GUICtrlSetData($mvinpWakeupTimeMM, $i)
             GUICtrlSetData($mvinpWakeupTimeSS, $i)
         Next
     EndFunc

     ; ===================================================================
     ; Function: readmacfile
     ; reads mac list in ini format
     ; ===================================================================
     Func readmacfile($filemaclist = "MACLIST.DAT")
         If FileExists($filemaclist) Then
             $aMaclist = IniReadSection(@ScriptDir & "\" & $filemaclist, "MACLISTE")
             _GUICtrlListView_DeleteAllItems($mwlvMacadresses)
             For $i = 1 To $aMaclist[0][0]
                 GUICtrlCreateListViewItem("" & $aMaclist[$i][1] & "|" & $aMaclist[$i][0] & "", $mwlvMacadresses)
             Next
         EndIf
     EndFunc

     ; ===================================================================
     ; Function: getmacinrange
     ; simple try to get all mac adresses from a given range (only last segment)
     ; ===================================================================
     Func getmacinrange()
         FileDelete(@ScriptDir & "\" & $filemaclist)
         $aIpStart = StringSplit(GUICtrlRead($mvinpIpStart), ".")
         $aIpStop = StringSplit(GUICtrlRead($mvinpIpStop), ".")
         For $IpSegD = $aIpStart[4] To $aIpStop[4]
             get_mac($aIpStart[1] & "." & $aIpStart[2] & "." & $aIpStart[3] & "." & $IpSegD)
         Next
         readmacfile()
     EndFunc

     ; ===================================================================
     ; Function: wol_selected
     ; sends magic packet to the macadress selected in the listview
     ; ===================================================================
     Func wol_selected()
         $aSelectedItems = _GUICtrlListView_GetSelectedIndices($mwlvMacadresses, True)
         If $aSelectedItems[0] > 0 Then
             $macadress = _GUICtrlListView_GetItemText($mwlvMacadresses, $aSelectedItems[1])
             For $adapter In $aBrowdcast
                 wol_adapter($adapter, $macadress)
             Next
             setStatusMsg("is " & $adapter & " awake?")
         EndIf
     EndFunc

     ; ===================================================================
     ; Function: wol_all
     ;
     ; ===================================================================
     Func wol_all()
         For $adapter In $aBrowdcast
             wol_adapter_all($adapter)
         Next
         setStatusMsg("All awake?")
     EndFunc

     ; ===================================================================
     ; Function: setStatusMsg($msgtext)
     ; $msgtext --- Message for status text
     ; ===================================================================
     Func setStatusMsg($msgtext)
         GUICtrlSetData($mwlblStatus, "Status:" & $msgtext)
     EndFunc

     ; ===================================================================
     ; Function: wol_adapter($adapter, $macadress)
     ; $adapter --- is the ipadress of the adapter
     ; $macadress --- is the macadress
     ; ===================================================================
     Func wol_adapter($adapter, $macadress)
         If $adapter <> "0.0.0.0" Then
             $IPADRESS = StringSplit($adapter, ".")
             $Broadcast = $IPADRESS[1] & "." & $IPADRESS[2] & "." & $IPADRESS[3] & "." & "255"
             setStatusMsg("Sent WOL via " & $Broadcast & " for:" & $macadress)
             WOL($Broadcast, $macadress)
         EndIf
     EndFunc

     ; ===================================================================
     ; Function: wol_adapter_all($adapter)
     ; $adapter --- is the ipadress of the adapter
     ; ===================================================================
     Func wol_adapter_all($adapter)
         If $adapter <> "0.0.0.0" Then
             $IPADRESS = StringSplit($adapter, ".")
             $Broadcast = $IPADRESS[1] & "." & $IPADRESS[2] & "." & $IPADRESS[3] & "." & "255"
             For $macadress In $MACAddressList
                 setStatusMsg("Sent WOL via " & $Broadcast & " for:" & $macadress)
                 WOL($Broadcast, $macadress)
                 Sleep(1000)
             Next
         EndIf
     EndFunc

     ; ===================================================================
     ; Function: WOL($Broadcast, $MACAddress)
     ; $Broadcast --- is ipadress of adapter with 255 at the End
     ; $MACAddress --- is the macadress
     ; ===================================================================
     ; Wake up on Lan Function (Open connection and broadcast to Lan)
     Func WOL($Broadcast, $MACAddress)
         UDPStartUp()
         ; flag 1 = allow sending to a broadcast address
         $connexion = UDPOpen($Broadcast, 7, 1)
         UDPSend($connexion, GenerateMagicPacket($MACAddress))
         UDPCloseSocket($connexion)
         UDPShutdown()
     EndFunc

     ; This function converts a MAC Address byte (e.g. "1f") to a char
     Func HexToChar($strHex)
         Return Chr(Dec($strHex))
     EndFunc

     ; This function generates the "Magic Packet": 6 x 0xFF followed by the MAC address 16 times
     Func GenerateMagicPacket($strMACAddress)
         $MagicPacket = ""
         $MACData = ""
         For $p = 1 To 11 Step 2
             $MACData = $MACData & HexToChar(StringMid($strMACAddress, $p, 2))
         Next
         For $p = 1 To 6
             $MagicPacket = HexToChar("ff") & $MagicPacket
         Next
         For $p = 1 To 16
             $MagicPacket = $MagicPacket & $MACData
         Next
         Return $MagicPacket
     EndFunc

     ; ===================================================================
     ; Function: get_mac($remote_ip, $filemaclist)
     ; $remote_ip --- remote ip
     ; $filemaclist --- file in ini format
     ; enhanced by TheSovereign - skip local mac adress
     ; ===================================================================
     Func get_mac($remote_ip, $filemaclist = "MACLIST.DAT")
         Ping($remote_ip, 200)
         If @error = 0 Then
             $arpinfo = Run(@ComSpec & " /c ARP -a " & $remote_ip, @SystemDir, @SW_HIDE, 2)
             Sleep(200)
             $output = StdoutRead($arpinfo, -1)
             $aOutputLine = StringSplit($output, @CRLF)
             If UBound($aOutputLine) > 5 Then ; <=== added so script doesn't choke when processing the IP for the computer it's running on
                 $macadress = StringMid($aOutputLine[7], 25, 17)
                 $macadress = StringReplace($macadress, "-", "")
                 IniWrite(@ScriptDir & "\" & $filemaclist, "MACLISTE", $remote_ip, $macadress)
                 setStatusMsg("Found maclist " & $macadress)
             EndIf ; <=== and this one...
         Else
             setStatusMsg("Host " & $remote_ip & " not reachable")
             Return
         EndIf
     EndFunc

     Source: https://www.autoitscript.com/forum/topic/29772-copyright-free-wake-on-lan-script/
  4. The message is broken out further and requires extra massaging; that, and I am formatting it for eventual Neo4j graph sexiness.

     #include <AutoItConstants.au3>
     #include <Array.au3>
     #RequireAdmin

     $outfile = "test_PS_csv_failures.csv"
     If FileExists($outfile) Then FileDelete($outfile)

     ; Let PowerShell pull the failed-logon records and capture its stdout
     $iPID = Run("powershell get-eventlog -logname security -Message '*An account failed to log on*' | select Index,TimeGenerated,Message | format-list", "", @SW_HIDE, $STDOUT_CHILD)
     $sOutput = ""
     While 1
         $sOutput &= StdoutRead($iPID)
         If @error Then ExitLoop
     WEnd

     ; Keep only "name: value" lines
     $aStr = StringSplit($sOutput, @CRLF, 3)
     For $i = UBound($aStr) - 1 To 0 Step -1
         If Not StringInStr($aStr[$i], ":") Then _ArrayDelete($aStr, $i)
     Next
     ;~ _ArrayDisplay($aStr)

     ; First 30 lines give the column names, every following block of 30 is one record
     $sFinal = ""
     $sLine = ""
     $k = 0
     For $i = 0 To 29
         $sLine &= StringRegExpReplace(StringStripWS($aStr[$i], 8), "(\:.*)", "") & ","
     Next
     $sFinal &= StringTrimRight($sLine, 1) & @LF
     $sLine = ""
     For $i = 30 To UBound($aStr) - 1
         $aStr[$i] = StringReplace($aStr[$i], ",", "_")
         $sLine &= StringRegExpReplace($aStr[$i], "(\A.*\D:)", "") & ","
         $k += 1
         If $k = 30 Then
             If Not StringInStr($sLine, @UserName) Then $sFinal &= StringTrimRight($sLine, 1) & @LF
             $sLine = ""
             $k = 0
         EndIf
     Next
     ;~ MsgBox(0, '', $sFinal)
     FileWrite($outfile, $sFinal)
     ShellExecute($outfile)
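Post 1 (one event ID rather than a whole log) and post 4 (failed logons exported to CSV) both come down to filtering by event ID and pulling fields out of each record. The PowerShell below is an added example for this page, not either poster's code: it filters with Get-WinEvent -FilterHashtable, which the event log service evaluates itself, and reads the named <Data> elements from each event's XML, so the CSV columns carry the provider's own field names instead of positions guessed from the rendered message. Event ID 4625 (the "An account failed to log on" event post 4 matches by message text), the 500-record cap and the output file name are choices made here; reading the Security log needs an elevated session.

```powershell
# Added example (not the posters' code): read one specific event ID from a
# Windows log and flatten the named EventData fields into CSV rows, without
# scraping the rendered Message text.
# Assumptions: event ID 4625, the 500-record cap and the output file name are
# chosen here; column names come from each event's own XML.

function Get-EventDataRows {
    param(
        [string] $LogName = 'Security',
        [Parameter(Mandatory)] [int] $Id,
        [int] $MaxEvents = 500
    )

    # A hashtable filter is applied by the event log service before records
    # are returned, which is far cheaper than pulling every record and
    # matching on -Message as the post's Get-EventLog call does.
    $filter = @{ LogName = $LogName; Id = $Id }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $xml = [xml]$_.ToXml()
            $row = [ordered]@{
                RecordId    = $_.RecordId
                TimeCreated = $_.TimeCreated.ToString('o')
                Id          = $_.Id
            }
            # Every <Data Name="..."> element becomes a column, so the rows
            # keep names such as TargetUserName, IpAddress and LogonType.
            # Events without an <EventData> section simply add no columns.
            foreach ($d in $xml.Event.EventData.Data) {
                $row[$d.GetAttribute('Name')] = $d.InnerText
            }
            [pscustomobject]$row
        }
}

# Failed logons, leaving out the account running the script as post 4 does.
$rows = Get-EventDataRows -LogName 'Security' -Id 4625 |
    Where-Object { $_.TargetUserName -ne $env:USERNAME }

$outFile = Join-Path $PWD 'failed_logons.csv'
$rows | Export-Csv -Path $outFile -NoTypeInformation
Write-Host ("Wrote {0} rows to {1}" -f @($rows).Count, $outFile)
```

The same function answers post 1 by changing the two arguments, for example Get-EventDataRows -LogName 'System' -Id 1074, and because the output is objects rather than text it can be piped straight into whatever shape a graph import needs.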
  5. I have been looking at topics here to find some way to have a program/script monitor event logs in real time, but have come up short. Anyone have any idea where to look, or if there is some API or something that can be used to pick these up in real time and not scan the log files every x min/sec? //Regards
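For the real-time monitoring post 5 asks about, Windows exposes a push subscription (the EvtSubscribe API) through System.Diagnostics.Eventing.Reader.EventLogWatcher, so a script receives each new record in a callback instead of rescanning the log on a timer. The block below is an added example written for this page in PowerShell, not from the thread; the log name, the XPath filter for event 4625 and the SecurityWatch subscriber name are choices made here, and the Security log requires an elevated session.

```powershell
# Added example (not from the forum thread): subscribe to a Windows event log
# with EventLogWatcher, which wraps the EvtSubscribe API, so new records are
# pushed to a callback rather than found by re-reading the log on a timer.
# Assumptions: log name, XPath filter (event 4625) and the subscriber name
# 'SecurityWatch' are chosen here; reading Security needs an elevated session.

function Start-EventLogWatch {
    param(
        [string] $LogName = 'Security',
        [string] $XPath = '*[System[EventID=4625]]',
        [string] $SourceIdentifier = 'SecurityWatch'
    )
    $query = New-Object System.Diagnostics.Eventing.Reader.EventLogQuery -ArgumentList `
        $LogName, [System.Diagnostics.Eventing.Reader.PathType]::LogName, $XPath
    $watcher = New-Object System.Diagnostics.Eventing.Reader.EventLogWatcher -ArgumentList $query

    # The -Action block runs each time a matching record is written;
    # $Event.SourceEventArgs.EventRecord is the new EventLogRecord.
    Register-ObjectEvent -InputObject $watcher -EventName EventRecordWritten `
        -SourceIdentifier $SourceIdentifier -Action {
            $rec = $Event.SourceEventArgs.EventRecord
            if ($null -eq $rec) { return }   # null record signals a subscription error
            $xml = [xml]$rec.ToXml()
            $fields = @{}
            foreach ($d in $xml.Event.EventData.Data) {
                $fields[$d.GetAttribute('Name')] = $d.InnerText
            }
            '{0:o} id={1} user={2}\{3} from={4} logontype={5}' -f $rec.TimeCreated, $rec.Id,
                $fields['TargetDomainName'], $fields['TargetUserName'],
                $fields['IpAddress'], $fields['LogonType'] | Write-Host
        } | Out-Null

    # Enabling the watcher opens the subscription; nothing is delivered before this.
    $watcher.Enabled = $true
    return $watcher
}

function Stop-EventLogWatch {
    param(
        [Parameter(Mandatory)] $Watcher,
        [string] $SourceIdentifier = 'SecurityWatch'
    )
    $Watcher.Enabled = $false
    Unregister-Event -SourceIdentifier $SourceIdentifier
    $Watcher.Dispose()
}

# Keep the session alive so the callback can run; Ctrl+C tears the subscription down.
$w = Start-EventLogWatch
try {
    while ($true) { Start-Sleep -Seconds 1 }
} finally {
    Stop-EventLogWatch -Watcher $w
}
```

The XPath filter is evaluated by the log service, so a watcher on a busy log only wakes for the IDs it asked for; widen it to '*' to see every record, or point it at another log such as Application for the DTALog events from post 2.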