

Collects Administrator Failed Logon Event

 
 Collects Administrator Failed Logon Event - 8/30/2007 3:43:15 AM   
  jeferson.propheta

 

'**********************************************************************
'* This script collects the Administrator failed logon entries from
'* the Security event log of the local machine.
'* -------------------------------------
'* Written by: Jeferson Propheta and Ricardo Calina
'* December / 2006
'**********************************************************************




Option Explicit

Dim objFso, objFolder, objWMI, objEvent ' Objects
Dim strFile, strComputer, strFolder, strFileName, strPath ' Strings
Dim intEvent, intNumberID, intRecordNum, colLoggedEvents, objShell, srtUsename, wMessage, wPesq

intEvent = 1
intRecordNum = 1
strComputer = "."                          ' "." = local computer
srtUsename = "JPropheta"                   ' Account name searched for in each event message
strFileName = "\Security_Event_Log.txt"    ' Report file name
strFolder = "C:\TEMP"                      ' Report folder (created if missing)
strPath = strFolder & strFileName

'-----------------------------------------
'WMI Date Transformation
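Function WMIDateStringToDate(dtmInstallDate)
    ' WMI datetime strings start with yyyymmddHHMMSS. Build the value from its
    ' numeric parts so the result does not depend on the regional date format
    ' (CDate on "mm/dd/yyyy" swaps day and month on dd/mm locales).
    WMIDateStringToDate = DateSerial(CInt(Left(dtmInstallDate, 4)), _
        CInt(Mid(dtmInstallDate, 5, 2)), CInt(Mid(dtmInstallDate, 7, 2))) _
        + TimeSerial(CInt(Mid(dtmInstallDate, 9, 2)), _
        CInt(Mid(dtmInstallDate, 11, 2)), CInt(Mid(dtmInstallDate, 13, 2)))
End Function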


' ----------------------------------------
' Folder Creation
Set objFso = CreateObject("Scripting.FileSystemObject")

If objFso.FolderExists(strFolder) Then
    Set objFolder = objFso.GetFolder(strFolder)
Else
    Set objFolder = objFso.CreateFolder(strFolder)
    WScript.Echo "Folder created " & strFolder
End If

'--------------------------------------------
' File Creation (an existing report file is overwritten)
Set strFile = objFso.CreateTextFile(strPath, True)

'--------------------------------------------
' WMI connector to the Logs
' The (Security) privilege is needed to read the Security log.
Set objWMI = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security)}!\\" _
    & strComputer & "\root\cimv2")

' Event ID 529 = logon failure (unknown user name or bad password) on
' Windows XP / Server 2003. Windows Vista and later record failed logons
' as event ID 4625 instead.
Set colLoggedEvents = objWMI.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Logfile = 'Security' AND EventCode = 529")

' Loop over the failed logon events and keep those that mention the account
intEvent = 1
For Each objEvent In colLoggedEvents
    ' Case-insensitive search (vbTextCompare = 1) for the account name
    wPesq = InStr(1, objEvent.Message, srtUsename, 1)
    If wPesq <> 0 Then
        strFile.WriteLine ("========================================================================")
        strFile.WriteLine ("Computer Name: " & objEvent.ComputerName)
        strFile.WriteLine ("========================================================================")
        strFile.WriteLine ("Message: " & objEvent.Message)
        strFile.WriteLine ("========================================================================")
        strFile.WriteLine ("Time Written: " & WMIDateStringToDate(objEvent.TimeWritten))
        strFile.WriteLine ("========================================================================")
        strFile.WriteLine (" ")
        strFile.WriteLine (" ")
        strFile.WriteLine (" ")
        'strFile.WriteLine ("Record No: ")& intEvent
        'strFile.WriteLine ("Category: " & objEvent.Category)
        'strFile.WriteLine ("User: " & objEvent.User)
        'strFile.WriteLine ("Record Number: " & objEvent.RecordNumber)
        'strFile.WriteLine ("Source Name: " & objEvent.SourceName)
        'strFile.WriteLine ("Event Code: " & objEvent.EventCode)
        'strFile.WriteLine ("Event Type: " & objEvent.Type)

        intRecordNum = intRecordNum + 1
        intEvent = intEvent + 1
    End If
Next

' Close the report so all buffered lines are written to disk
strFile.Close

WScript.Quit


      

< Message edited by jeferson.propheta -- 8/30/2007 4:07:22 AM >


_____________________________

Wscript.Echo("Just4 Fun")
 
 