JRSmile Posted December 21, 2009

Hi there,

because of the nice find of trancexx, and the eventlog UDF, I got a nice idea. What if you could monitor all eventlogs company-wide in real time with a little client-server architecture? You will get all events and you can filter out the ones that are interesting for you.

I'm currently in an early state, where the sending and receiving process is tested and works.

Todo:

- add support for all eventlogs, not just one (maybe in additional threads)
- make the client a service application with install and uninstall support (help needed)
- create a UDF for CouchDB to be able to save all eventlog entries locally in a fast non-relational database (1 GB of data for 150 clients and 13 servers (2DCs) 7 days of EventLog entries)
- create an AutoIt application for easy filtering and pro-active management

client.au3
server.au3

$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")
For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4)
Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));''Chr("a")&"HI"
Next ;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;
MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)

JRSmile Posted December 21, 2009 (edited)

PS: If you want to get some events in the system log, I prefer starting and stopping the Windows Defender service. Otherwise you will only see a blank cmd prompt, or you wait until a normal event occurs.

In which order you start the client and server exe is irrelevant; if the server isn't started, the incoming logs are thrown away by Windows.

stop: net stop "Windows Defender"
start: net start "Windows Defender"

An example output of the server is:

Dienst "DHCP-Client" befindet sich jetzt im Status "Ausgef³hrt".
Dienst "DNS-Client" befindet sich jetzt im Status "Ausgef³hrt".
Dienst "Shellhardwareerkennung" befindet sich jetzt im Status "Ausgef³hrt".
Dienst "Aufgabenplanung" befindet sich jetzt im Status "Ausgef³hrt".
Dienst "Druckwarteschlange" befindet sich jetzt im Status "Ausgef³hrt".
Dienst "Basisfiltermodul" befindet sich jetzt im Status "Ausgef³hrt".
Dienst "Windows-Firewall" befindet sich jetzt im Status "Ausgef³hrt".
Dienst "Arbeitsstationsdienst" befindet sich jetzt im Status "Ausgef³hrt".

This is from German eventlogs; the ÄÖÜß chars are not displayed well in a DOS box but are transferred correctly by the system.

Edited December 21, 2009 by JRSmile
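
Added example, not part of the original posts or of client.au3/server.au3: a Python sketch of the filtering step on the collecting side, run over console-captured lines like the server output above. It assumes the sender wrote Windows-1252 text and the console rendered it with code page 850 (consistent with "ü" showing as "³"); the function names and the two "Windows Defender" sample lines are constructed for illustration.

```python
import re

# Assumption: text was sent as Windows-1252 and displayed by a console using
# OEM code page 850, which renders byte 0xFC ("ü") as "³".
SOURCE_CP = "cp1252"
CONSOLE_CP = "cp850"

# Message layout taken from the server output quoted in the post.
SERVICE_STATE = re.compile(
    r'^Dienst "(?P<service>[^"]+)" befindet sich jetzt im Status "(?P<state>[^"]+)"\.$'
)

def repair_console_text(line):
    """Undo the console code page mix-up; leave the line alone if that is impossible."""
    try:
        return line.encode(CONSOLE_CP).decode(SOURCE_CP)
    except (UnicodeEncodeError, UnicodeDecodeError):
        return line

def parse_service_event(line):
    """Return (service, state) for a service state message, otherwise None."""
    match = SERVICE_STATE.match(repair_console_text(line.strip()))
    if match is None:
        return None
    return match.group("service"), match.group("state")

def services_not_running(lines, running_state="Ausgeführt"):
    """Names of services whose most recently reported state is not 'running'."""
    latest = {}
    for line in lines:
        event = parse_service_event(line)
        if event:
            latest[event[0]] = event[1]
    return sorted(name for name, state in latest.items() if state != running_state)

# First line is from the post; the Windows Defender lines are constructed.
SAMPLE = [
    'Dienst "DHCP-Client" befindet sich jetzt im Status "Ausgef³hrt".',
    'Dienst "Windows Defender" befindet sich jetzt im Status "Ausgef³hrt".',
    'Dienst "Windows Defender" befindet sich jetzt im Status "Beendet".',
]

if __name__ == "__main__":
    print(services_not_running(SAMPLE))
```

The repair step is meant only for text captured from the console; lines that were decoded correctly on arrival should be parsed without it.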