JRSmile

Realtime Eventlog

2 posts in this topic

Hi there,

Because of the nice find of trancexx and the EventLog UDF, I got a nice idea.

What if you could monitor all event logs company-wide in real time with a little client/server architecture?

You will get all events, and you can filter out the ones that are interesting for you.

I'm currently in an early state, where the sending and receiving process is tested and works.

Todo:

add support for all event logs, not just one (maybe in additional threads)

make the client a service application with install and uninstall support (help needed)

create a UDF for CouchDB to be able to save all event log entries locally in a fast non-relational database (1 GB of data for 150 clients and 13 servers (2 DCs), 7 days of event log entries)

create an AutoIt application for easy filtering and proactive management.

client.au3

server.au3


$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4)Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])))''Chr("a")&"HI"Next;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)




#2 ·  Posted (edited)

PS: if you want to get some events in the system log, I prefer starting and stopping the Windows Defender service. Otherwise you will only see a blank cmd prompt, or you wait until a normal event occurs.

In which order you start the client and server exe is irrelevant; if the server isn't started, the incoming logs are thrown away by Windows.

stop: net stop "Windows Defender"

start: net start "Windows Defender"

An example output of the server is:

Dienst "DHCP-Client" befindet sich jetzt im Status "Ausgef³hrt".

Dienst "DNS-Client" befindet sich jetzt im Status "Ausgef³hrt".

Dienst "Shellhardwareerkennung" befindet sich jetzt im Status "Ausgef³hrt".

Dienst "Aufgabenplanung" befindet sich jetzt im Status "Ausgef³hrt".

Dienst "Druckwarteschlange" befindet sich jetzt im Status "Ausgef³hrt".

Dienst "Basisfiltermodul" befindet sich jetzt im Status "Ausgef³hrt".

Dienst "Windows-Firewall" befindet sich jetzt im Status "Ausgef³hrt".

Dienst "Arbeitsstationsdienst" befindet sich jetzt im Status "Ausgef³hrt".

This is from German event logs; the ÄÖÜß chars are not displayed well in a DOS box but are transferred correctly by the system.

Edited by JRSmile

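A server-side receiver for the forwarded lines shown above, as an added example in Python (it is not the AutoIt client/server from the post): it decodes the payload with the client's codepage, which is what turns the "Ausgef³hrt" seen in the DOS box back into "Ausgeführt", parses the German service state-change message into a record, and flags watched services that leave the running state. The watch-list, the host name ws01, the Windows-1252 codepage and the "Beendet" sample line are assumptions.

```python
import re
from dataclasses import dataclass

# Service Control Manager state-change message as the German System log
# words it (the lines the post shows):
#   Dienst "DHCP-Client" befindet sich jetzt im Status "Ausgeführt".
SERVICE_STATE_RE = re.compile(
    r'^Dienst "(?P<service>[^"]+)" befindet sich jetzt im Status "(?P<state>[^"]+)"\.$'
)
RUNNING = "Ausgeführt"
# Assumed watch-list: services that must not leave the running state.
WATCHED_SERVICES = {"Windows-Firewall", "Windows Defender", "Basisfiltermodul"}

@dataclass(frozen=True)
class ServiceEvent:
    host: str
    service: str
    state: str

def decode_event(raw: bytes, client_codepage: str = "cp1252") -> str:
    """Decode a forwarded payload with the client's ANSI codepage (assumed cp1252).
    The 'Ausgef³hrt' in the post is byte 0xFC ('ü' in Windows-1252) printed by a
    CP850 console; the bytes arrive intact, only the display was wrong."""
    return raw.decode(client_codepage)

def parse_service_event(host: str, line: str):
    """Return a ServiceEvent for an SCM state-change line, else None."""
    m = SERVICE_STATE_RE.match(line.strip())
    return ServiceEvent(host, m["service"], m["state"]) if m else None

def process(host: str, payload: bytes):
    """Parse one forwarded payload; return (all events, events to alert on)."""
    lines = decode_event(payload).splitlines()
    events = [e for e in (parse_service_event(host, l) for l in lines) if e]
    alerts = [e for e in events if e.service in WATCHED_SERVICES and e.state != RUNNING]
    return events, alerts

# Constructed sample payload: one line from the post plus an assumed firewall stop.
SAMPLE_PAYLOAD = (
    'Dienst "DHCP-Client" befindet sich jetzt im Status "Ausgeführt".\n'
    'Dienst "Windows-Firewall" befindet sich jetzt im Status "Beendet".\n'
).encode("cp1252")

if __name__ == "__main__":
    for ev in process("ws01", SAMPLE_PAYLOAD)[1]:
        print(f"ALERT {ev.host}: {ev.service} -> {ev.state}")
```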
