Okay - I put your code into my scripts and here is what I got...
F:\Inetpub\Scripts>dumpevt.pl
Global symbol "$MemberAccount" requires explicit package name at
F:\Inetpub\Scripts\dumpevt.pl line 58.
Global symbol "$MemberAccount" requires explicit package name at
F:\Inetpub\Scripts\dumpevt.pl line 60.
Global symbol "%Attribs" requires explicit package name at
F:\Inetpub\Scripts\dumpevt.pl line 60.
Global symbol "$MemberName" requires explicit package name at
F:\Inetpub\Scripts\dumpevt.pl line 62.
Global symbol "%Attribs" requires explicit package name at
F:\Inetpub\Scripts\dumpevt.pl line 62.
Global symbol "$CallerAccount" requires explicit package name at
F:\Inetpub\Scripts\dumpevt.pl line 63.
Global symbol "%Attribs" requires explicit package name at
F:\Inetpub\Scripts\dumpevt.pl line 64.
Global symbol "$CallerName" requires explicit package name at
F:\Inetpub\Scripts\dumpevt.pl line 66.
Global symbol "%Attribs" requires explicit package name at
F:\Inetpub\Scripts\dumpevt.pl line 66.
Global symbol "$CallerName" requires explicit package name at
F:\Inetpub\Scripts\dumpevt.pl line 70.
Global symbol "$CallerName" requires explicit package name at
F:\Inetpub\Scripts\dumpevt.pl line 75.
Execution of F:\Inetpub\Scripts\dumpevt.pl aborted due to compilation
errors.
New script:
#----------------------------------------------------
# dumpevt.pl
#
# Purpose: Demonstrate the use of Win32::EventLog
# Usage: perl evt.pl [Server] [> outputfile]
# Requires: No additional modules. Win32::EventLog is
# part of the ActiveState distribution
#
# Author: Harlan Carvey, [EMAIL PROTECTED]
#----------------------------------------------------
use strict;
use Win32::EventLog;
use Win32::Perms;
use Win32::AdminMisc;
my $server = shift || Win32::NodeName;
\&GetEvents($server,"System");
#----------------------------------------------------
# GetEvents()
# Input: Server name, EventLog
# Output: Log entries, to STDOUT
#----------------------------------------------------
sub GetEvents {
my($server,$log) = @_;
my ($evt,$total,$oldest,$evtHashRef);
my $start = 0;
$evt = Win32::EventLog->new($log,$server) ||
die "Could not open $log log on $server: $!\n";
$evt->GetNumber($total) || die "Can't get number of
EventLog records: $!\n";
$evt->GetOldest($oldest) || die "Can't get number of
oldest EventLog record: $!\n";
while ($start < $total) {
$evt->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEEK_READ,$oldest+$start,$evtHash
Ref)
or die "Can't read EventLog entry #$start\n";
print "-" x 75; print "\n";
print "Server: $server\n";
print "Log: $log\n";
print "RecordNumber: ".${$evtHashRef}{RecordNumber}."\n";
print "Source: ".${$evtHashRef}{Source}."\n";
print "Computer: ".${$evtHashRef}{Computer}."\n";
print "Category: ".${$evtHashRef}{Category}."\n";
my $id = (${$evtHashRef}{EventID} & 0xffff);
print "Event ID: ".$id."\n";
print "EventType: ".${$evtHashRef}{EventType}."\n";
print "Time Generated: ".localtime(${$evtHashRef}{TimeGenerated})."\n";
print "Time Written: ".localtime(${$evtHashRef}{Timewritten})."\n";
my $sid = unpack("H" . 2 * length(${$evtHashRef}{User}),
${$evtHashRef}{User});
##---CONVERT SID TO USERNAME
$MemberAccount = uc(Win32::Perms::ResolveAccount($sid));
if (Win32::AdminMisc::UserGetMiscAttributes("", $MemberAccount,
\%Attribs))
{
$MemberName = $Attribs{USER_FULL_NAME};
if (Win32::AdminMisc::UserGetMiscAttributes("", $CallerAccount,
\%Attribs))
{
$CallerName = $Attribs{USER_FULL_NAME};
}
else
{
$CallerName = "Name Not Found";
}
}
##---CONVERT SID TO USERNAME
print "User: ".$CallerName."\n";
Win32::EventLog::GetMessageText($evtHashRef);
my $msg = $evtHashRef->{Message};
print "Message: $msg\n";
print "\n\n";
$start++;
}
}
-----Original Message-----
From: Bullock, Howard A. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 3:26 PM
To: '[EMAIL PROTECTED]'; perl-win32-admin@listserv.
ActiveState. com
Subject: RE: Resolving SID to username
Here's one way...You can also use the Lanman module
use Win32::Perms;
use Win32::AdminMisc;
$MemberAccount = uc(Win32::Perms::ResolveAccount($SID));
if (Win32::AdminMisc::UserGetMiscAttributes("", $MemberAccount, \%Attribs))
{
$MemberName = $Attribs{USER_FULL_NAME};
if (Win32::AdminMisc::UserGetMiscAttributes("", $CallerAccount,
\%Attribs))
{
$CallerName = $Attribs{USER_FULL_NAME};
}
else
{
$CallerName = "Name Not Found";
}
}
-----Original Message-----
From: Christopher A. Libby [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 26, 2001 3:18 PM
To: perl-win32-admin@listserv. ActiveState. com
Subject: Resolving SID to username
How would I resolve a SID to a username in this script:
#----------------------------------------------------
# dumpevt.pl
#
# Purpose: Demonstrate the use of Win32::EventLog
# Usage: perl evt.pl [Server] [> outputfile]
# Requires: No additional modules. Win32::EventLog is
# part of the ActiveState
distribution
#
# Author: Harlan Carvey, [EMAIL PROTECTED]
#----------------------------------------------------
use strict;
use Win32::EventLog;
my $server = shift || Win32::NodeName;
\&GetEvents($server,"System");
#----------------------------------------------------
# GetEvents()
# Input: Server name, EventLog
# Output: Log entries, to STDOUT
#----------------------------------------------------
sub GetEvents {
my($server,$log) = @_;
my ($evt,$total,$oldest,$evtHashRef);
my $start = 0;
$evt = Win32::EventLog->new($log,$server) ||
die "Could not open $log log on $server: $!\n";
$evt->GetNumber($total) || die "Can't get number of
EventLog records: $!\n";
$evt->GetOldest($oldest) || die "Can't get number of
oldest EventLog record: $!\n";
while ($start < $total) {
$evt->Read(EVENTLOG_FORWARDS_READ|EVENTLOG_SEEK_READ,$oldest+$start,$evtHash
Ref)
or die "Can't read EventLog entry #$start\n";
print "-" x 75; print "\n";
print "Server: $server\n";
print "Log: $log\n";
print "RecordNumber: ".${$evtHashRef}{RecordNumber}."\n";
print "Source: ".${$evtHashRef}{Source}."\n";
print "Computer: ".${$evtHashRef}{Computer}."\n";
print "Category: ".${$evtHashRef}{Category}."\n";
my $id = (${$evtHashRef}{EventID} & 0xffff);
print "Event ID: ".$id."\n";
print "EventType: ".${$evtHashRef}{EventType}."\n";
print "Time Generated:
".localtime(${$evtHashRef}{TimeGenerated})."\n";
print "Time Written:
".localtime(${$evtHashRef}{Timewritten})."\n";
my $sid = unpack("H" . 2 * length(${$evtHashRef}{User}),
${$evtHashRef}{User});
print "User: ".$sid."\n";
Win32::EventLog::GetMessageText($evtHashRef);
my $msg = $evtHashRef->{Message};
print "Message: $msg\n";
print "\n\n";
$start++;
}
}
---------------------------------------------------------
Christopher A. Libby, Programmer/Analyst
Maine Public Service Company (www.mainepublicservice.com)
[EMAIL PROTECTED] (207) 768-5811 ext. 2210
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
