Tim Net

_EventLog__Notify and catching a login

Tim Net

I can't seem to figure out a simple script to throw an alert if someone logs in to a Windows machine.

When a person successfully logs in, the event gets written to the Security Event Log as Event ID:528 and Category:Logon/Logoff. Here's the Description:

Successful Logon:

User Name: Support_User

Domain: VM1

Logon ID: (0x0,0x8427FB)

Logon Type: 10

Logon Process: User32

Authentication Package: Negotiate

Workstation Name: VM1

Logon GUID: -

Caller User Name: VM1$

Caller Domain: WORKGROUP

Caller Logon ID: (0x0,0x3E7)

Caller Process ID: 572

Transited Services: -

Source Network Address:

Source Port: 12722

How do I use _EventLog__Notify to simply write a line to a file based on this event?



@Tim Net

Maybe this can get you started.

Dim $strComputer

$strComputer = "."

; ------ END CONFIGURATION ---------
; Connect to WMI with the Security privilege enabled so the Security log can be read
Dim $objWMI
$objWMI = ObjGet("winmgmts:{(Security)}\\" & $strComputer & "\root\cimv2")
; Ask WMI to report every new event log record, polling every 5 seconds
Dim $colEvents
$colEvents = $objWMI.ExecNotificationQuery("SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE " & _
                     "TargetInstance ISA 'Win32_NTLogEvent'")
While 1
   ; NextEvent blocks until a new record is written
   Dim $objEvent
   $objEvent = $colEvents.NextEvent
   ConsoleWrite( "----------------------------" & @CR )
   ConsoleWrite( $objEvent.TargetInstance.Logfile & " Event Log" & @CR )
   ConsoleWrite( "----------------------------" & @CR )
   ConsoleWrite( "Event ID:   " & $objEvent.TargetInstance.EventIdentifier & @CR )
   ConsoleWrite( "Source:     " & $objEvent.TargetInstance.SourceName & @CR )
   ConsoleWrite( "Category:   " & $objEvent.TargetInstance.CategoryString & @CR )
   ConsoleWrite( "Event Type: " & $objEvent.TargetInstance.Type & @CR )
   ; InsertionStrings holds the fields shown in the event description
   Dim $strText
   For $strText In $objEvent.TargetInstance.InsertionStrings
      ConsoleWrite( "Event Text: " & $strText & @CR )
   Next
   ConsoleWrite( "Computer:   " & $objEvent.TargetInstance.ComputerName & @CR )
   ConsoleWrite( "User:       " & $objEvent.TargetInstance.User & @CR )
   ConsoleWrite( "Time:       " & $objEvent.TargetInstance.TimeWritten & @CR )
   ConsoleWrite(  @CR )
WEnd



Edited by ptrex
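One way to narrow the listener above to the logon event from the question and append a line to a file, as an added example that is not code from either poster. The output path, the variable names and the positions of the fields inside `InsertionStrings` (taken to follow the order of the description in the first post) are assumptions.

```autoit
; Added example: one log line per successful logon (Security log, event 528).
Local $sComputer = "."
Local $iEventId = 528                         ; ID from the post; Vista and later use 4624
Local $sOutFile = @ScriptDir & "\logons.log"  ; hypothetical output path

; The Security privilege is needed to read the Security log through WMI
Local $oWMI = ObjGet("winmgmts:{(Security)}\\" & $sComputer & "\root\cimv2")
If Not IsObj($oWMI) Then Exit 1

; Filter inside the query so only matching Security-log records are delivered
Local $sQuery = "SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE " & _
        "TargetInstance ISA 'Win32_NTLogEvent' " & _
        "AND TargetInstance.Logfile = 'Security' " & _
        "AND TargetInstance.EventCode = " & $iEventId
Local $oEvents = $oWMI.ExecNotificationQuery($sQuery)

Local $oEvt, $oRec, $sField, $i, $sUser, $sDomain, $sType, $sAddr
While 1
    $oEvt = $oEvents.NextEvent                ; blocks until a matching event arrives
    $oRec = $oEvt.TargetInstance
    $i = 0
    $sUser = ""
    $sDomain = ""
    $sType = ""
    $sAddr = ""
    ; Assumed field order: 0 User Name, 1 Domain, 3 Logon Type, 13 Source Network Address
    For $sField In $oRec.InsertionStrings
        Switch $i
            Case 0
                $sUser = $sField
            Case 1
                $sDomain = $sField
            Case 3
                $sType = $sField
            Case 13
                $sAddr = $sField
        EndSwitch
        $i += 1
    Next
    ; With a file name instead of a handle, FileWriteLine appends and closes the file
    FileWriteLine($sOutFile, $oRec.TimeWritten & " logon " & $sDomain & "\" & $sUser & _
            " type=" & $sType & " src=" & $sAddr)
WEnd
```

Logon Type 10, as in the sample event, is a RemoteInteractive (Remote Desktop) logon, so the `type=` field lets a reader separate remote sessions from console logons.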

