Tim Net
Posted February 20, 2008

I can't seem to figure out a simple script to throw an alert if someone logs in to a Windows machine.

When a person successfully logs in, the event gets written to the Security Event Log as Event ID: 528 and Category: Logon/Logoff. Here's the Description:

Successful Logon:
    User Name: Support_User
    Domain: VM1
    Logon ID: (0x0,0x8427FB)
    Logon Type: 10
    Logon Process: User32
    Authentication Package: Negotiate
    Workstation Name: VM1
    Logon GUID: -
    Caller User Name: VM1$
    Caller Domain: WORKGROUP
    Caller Logon ID: (0x0,0x3E7)
    Caller Process ID: 572
    Transited Services: -
    Source Network Address: 192.168.100.5
    Source Port: 12722

How do I use _EventLog__Notify to simply write a line to a file based on this event?

TIA
ptrex
Posted February 21, 2008 (edited)

@Tim Net

Maybe this can get you started.

```autoit
; ------ SCRIPT CONFIGURATION ------
Dim $strComputer
$strComputer = "." ; "." = local machine
; ------ END CONFIGURATION ---------

; Connect to WMI with the Security privilege so Security log events are visible
Dim $objWMI
$objWMI = ObjGet("winmgmts:{(Security)}\\" & $strComputer & "\root\cimv2")

; Subscribe to every new event log record, polling every 5 seconds
Dim $colEvents
$colEvents = $objWMI.ExecNotificationQuery("SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE " & _
        "TargetInstance ISA 'Win32_NTLogEvent'")

Dim $objEvent, $strText
While 1
    $objEvent = $colEvents.NextEvent ; blocks until the next event arrives
    ConsoleWrite("----------------------------" & @CR)
    ConsoleWrite($objEvent.TargetInstance.Logfile & " Event Log" & @CR)
    ConsoleWrite("----------------------------" & @CR)
    ConsoleWrite("Event ID: " & $objEvent.TargetInstance.EventIdentifier & @CR)
    ConsoleWrite("Source: " & $objEvent.TargetInstance.SourceName & @CR)
    ConsoleWrite("Category: " & $objEvent.TargetInstance.CategoryString & @CR)
    ConsoleWrite("Event Type: " & $objEvent.TargetInstance.Type & @CR)
    ; InsertionStrings holds the variable fields of the event description
    For $strText In $objEvent.TargetInstance.InsertionStrings
        ConsoleWrite("Event Text: " & $strText & @CR)
    Next
    ConsoleWrite("Computer: " & $objEvent.TargetInstance.ComputerName & @CR)
    ConsoleWrite("User: " & $objEvent.TargetInstance.User & @CR)
    ConsoleWrite("Time: " & $objEvent.TargetInstance.TimeWritten & @CR)
    ConsoleWrite(@CR)
WEnd
```

Regards

ptrex

Edited February 21, 2008 by ptrex
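The following is an added example, not part of ptrex's post: it narrows the same WMI subscription to Security event 528 and appends one line per logon to a file, which is what the question asked for. The output path and helper names are hypothetical, and the insertion-string indexes assume the strings arrive in the field order of the event description quoted in the question.

```autoit
; Added example: write one line to a file for each successful logon (event 528).
; Assumptions: $sLogFile is a hypothetical path; InsertionStrings follow the
; field order of the description in the question (0 = User Name, 1 = Domain,
; 3 = Logon Type, 13 = Source Network Address).
Global Const $sLogFile = @ScriptDir & "\logon_alerts.log"

; The (Security) privilege is needed to receive Security log events; run elevated.
Global $oWMI = ObjGet("winmgmts:{(Security)}\\.\root\cimv2")
If Not IsObj($oWMI) Then Exit 1

; Let WMI filter, so only event 528 from the Security log is delivered.
Global $oEvents = $oWMI.ExecNotificationQuery( _
        "SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE " & _
        "TargetInstance ISA 'Win32_NTLogEvent' " & _
        "AND TargetInstance.Logfile = 'Security' " & _
        "AND TargetInstance.EventCode = 528")

Global $oEvent, $aIns
While 1
    $oEvent = $oEvents.NextEvent() ; blocks until a matching event arrives
    $aIns = $oEvent.TargetInstance.InsertionStrings
    ; TimeWritten is a WMI (DMTF) datetime string, written to the file as-is
    _WriteLogonLine($oEvent.TargetInstance.TimeWritten, $aIns)
WEnd

; Return "-" instead of failing when an event carries fewer strings than expected.
Func _Field(ByRef $aIns, $iIndex)
    If Not IsArray($aIns) Then Return "-"
    If $iIndex > UBound($aIns) - 1 Then Return "-"
    Return $aIns[$iIndex]
EndFunc

; Append a single summary line for the logon to $sLogFile.
Func _WriteLogonLine($sTime, ByRef $aIns)
    Local $sLine = $sTime & " logon user=" & _Field($aIns, 1) & "\" & _Field($aIns, 0) & _
            " type=" & _Field($aIns, 3) & " src=" & _Field($aIns, 13)
    Local $hFile = FileOpen($sLogFile, 1) ; 1 = append mode
    If $hFile = -1 Then Return SetError(1, 0, False)
    FileWriteLine($hFile, $sLine)
    FileClose($hFile)
    Return True
EndFunc
```

On Windows Vista and later, successful logons are recorded as event 4624 rather than 528 and the insertion strings are ordered differently, so the query and indexes need adjusting there.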