Hi all. I would like to retrieve object access logs on a particular folder
from my security log, as my security log contains too many other logs. I have
enabled auditing on that particular folder. Is there a way I can filter
according to object access logs on that particular folder using a script?
Thanks in advance.
> Hi all. I would like to retrieve object access logs on a particular folder
> from my security log, as my security log contains too many other logs. I have
> enabled auditing on that particular folder. Is there a way I can filter
> according to object access logs on that particular folder using a script?
> Thanks in advance.
Maybe you could use WMI and the Win32_NTLogEvent class to check if the event
description contains the name of the folder you are monitoring:

    strComputer = "."

    ' Connect to WMI; the (Security) privilege is required to read the Security log.
    Set objWMIService = GetObject("winmgmts:" & _
        "{impersonationLevel=impersonate," & _
        "(Security)}!\\" & _
        strComputer & "\root\cimv2")

    ' Backslashes are doubled because WQL treats "\" as an escape character.
    Set colLoggedEvents = objWMIService.ExecQuery _
        ("Select * from Win32_NTLogEvent " & _
        "Where Logfile = 'Security' " & _
        "And Message Like '%C:\\MonitoredFolder%'")

    ' Print the timestamp and full description of each matching event.
    For Each objEvent in colLoggedEvents
        WScript.Echo objEvent.TimeGenerated
        WScript.Echo objEvent.Message
        WScript.Echo
    Next

    WScript.Echo "Done"

I haven't used this before so I'm not sure if it will work for you.
There is also a script named eventquery.vbs in my System32 folder (I'm using
Windows XP). Maybe you can find it useful.

Signature
urkec
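
A variation on the script above, as an added example that is not part of the original reply: it narrows the WQL query to object-access event IDs and then matches the folder path client-side with InStr, so characters such as _ or [ in a path are not treated as LIKE wildcards. The event IDs (560 on Windows XP/2003, 4656 and 4663 on Vista and later) and the folder path are assumptions to adjust for your system.

```vbscript
' Added example: filter Security events by object-access event ID in WQL,
' then keep only those whose description mentions the audited folder.
Option Explicit

Const MONITORED_FOLDER = "C:\MonitoredFolder"   ' assumed path, as in the reply

Dim objWMIService, colEvents, objEvent, objTime, strQuery, intMatches

' Assumed event IDs: 560 = object open (XP/2003);
' 4656 = handle requested, 4663 = object accessed (Vista and later).
strQuery = "Select * from Win32_NTLogEvent " & _
           "Where Logfile = 'Security' " & _
           "And (EventCode = 560 Or EventCode = 4656 Or EventCode = 4663)"

' The (Security) privilege is needed to read the Security log.
Set objWMIService = GetObject("winmgmts:" & _
    "{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2")

' Helper object that converts WMI (CIM) datetime strings to VBScript dates.
Set objTime = CreateObject("WbemScripting.SWbemDateTime")

Set colEvents = objWMIService.ExecQuery(strQuery)
intMatches = 0

For Each objEvent In colEvents
    ' Message is Null when the event description cannot be resolved.
    If Not IsNull(objEvent.Message) Then
        ' Case-insensitive literal match; no wildcard interpretation.
        If InStr(1, objEvent.Message, MONITORED_FOLDER, vbTextCompare) > 0 Then
            objTime.Value = objEvent.TimeGenerated
            WScript.Echo objTime.GetVarDate(True) & vbTab & _
                         "Event ID " & objEvent.EventCode
            WScript.Echo objEvent.Message
            WScript.Echo
            intMatches = intMatches + 1
        End If
    End If
Next

WScript.Echo intMatches & " matching event(s) found."
```

Run it with cscript.exe from an elevated prompt so the output goes to the console instead of message boxes.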