I have used the Microsoft Knowledge Base article located here: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q299475
to manually build up some limited hashes manually.
I'd like to have the time to build an entire module out of this info. Maybe someone else already has...
-----Original Message-----
From: Mcguire, Timothy L (Tim), MGSVC [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 05, 2002 9:22 AM
To: [EMAIL PROTECTED]
Subject: Win32::EventLog Strings
I split out the $handle->{Strings) with a seperator of a \x00 and join back together with a seperator of \n. and get out put of some thing like...
Security
File
\Device\NetBT_Tcpip_{1D9884B7-7889-4709-8DAE-F13AF6AD057F}
-
0
147620042
3224
IWAM_SERVER
RTPWEB01
(0x0,0x2541B)
IUSR_SERVER
SERVER
(0x0,0x4C660FF)
%%1541 %%4416 %%4417
-
Does any one know how to lookup the associated field names (a hash building function would be wonderful) to produce output of something like (Event Viewer Output).....
Object Open:
Object Server: Security
Object Type: File
Object Name: \Device\NetBT_Tcpip_{1D9884B7-7889-4709-8DAE-F13AF6AD057F}
New Handle ID: -
Operation ID: {0,147616077}
Process ID: 3224
Primary User Name: IWAM_Server
Primary Domain: Server
Primary Logon ID: (0x0,0x2541B)
Client User Name: IUSR_Server
Client Domain: Server
Client Logon ID: (0x0,0x4C660FF)
Accesses SYNCHRONIZE
ReadData (or ListDirectory)
WriteData (or AddFile)
Privileges -
It would be nice to convert some of the codes to, but I am mostly losing sleep over the field names.
Thanks,
Tim
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
