Hello all
I have a script that I found on the Internet that almost does what I want it to do... the problem is I do not find clear enough documentation on how to get more from it.
I need a script which will watch for certain events on certain machines coming from certain machine names and from certain IDs.
Can someone tell me how I can amend this script so that it will print out all of the information that I am able to see in the Security Log in the Event Viewer? As I have said, I cannot find the information which will tell me how to find out what the names are for each item in the Security Log. I thought that there might be a dump function which would dump all the variables and then I could pick and choose, but I cannot find anything that indicates this type of thing exists.
Thanks for all your help.
#! c:\perl\bin\perl.exe -w
# -----------------------------------------------------------------------------
# From the book "Managing Enterprise Active Directory Services"
# ISBN: 0-672-32125-4
# Copyright (C) 2002 by Addison-Wesley
# Code by Richard Puckett
#
# You have a royalty-free right to use, modify, reproduce and distribute
# this code (and/or any modified version) in any way you find useful,
# with the agreement that Richard Puckett or Addison-Wesley provide no
# warranty, obligations or liability for this code. If you reuse or
# modify this code, you must retain this copyright notice.
# -----------------------------------------------------------------------------
use strict;
use Win32;
use Win32::OLE qw(in);
use Mail::Sender;
my $Computer = Win32::NodeName;
# WMI notification query: fires once for each new record written to the Security log
my $evtQuery = "SELECT * FROM __instancecreationevent WHERE targetinstance ISA 'Win32_NTLogEvent' AND targetinstance.Logfile='Security'";
my $Events = Win32::OLE->GetObject("WinMgmts:{impersonationLevel=impersonate,(security)}")->
    ExecNotificationQuery($evtQuery) || die Win32::OLE->LastError;
print "Polling for new Security Events...\n";
while (my $Event = $Events->NextEvent) {
    # Only report logon-failure events 681, 529 and 539
    if (($Event->TargetInstance->{EventIdentifier}==681) or ($Event->TargetInstance->{EventIdentifier}==529) or ($Event->TargetInstance->{EventIdentifier}==539)){
        print "-" x 75;
        print "\n";
        my $EvtID = $Event->TargetInstance->{EventCode};
        print "       EventCode: ".$EvtID."\n";
        print "        Category: ".$Event->TargetInstance->{Category}."\n";
        print "  CategoryString: ".$Event->TargetInstance->{CategoryString}."\n";
        print "    ComputerName: ".$Event->TargetInstance->{ComputerName}."\n";
        print " EventIdentifier: ".$Event->TargetInstance->{EventIdentifier}."\n";
        # InsertionStrings is an array property, so join it instead of printing the reference
        print "InsertionStrings: ".join(", ", @{$Event->TargetInstance->{InsertionStrings} || []})."\n";
        print "         Logfile: ".$Event->TargetInstance->{Logfile}."\n";
        print "    RecordNumber: ".$Event->TargetInstance->{RecordNumber}."\n";
        print "      SourceName: ".$Event->TargetInstance->{SourceName}."\n";
        print "   TimeGenerated: ".$Event->TargetInstance->{TimeGenerated}."\n";
        print "     TimeWritten: ".$Event->TargetInstance->{TimeWritten}."\n";
        print "            Type: ".$Event->TargetInstance->{Type}."\n";
        print "            User: ".$Event->TargetInstance->{User}."\n";
        print "-" x 75;
        print "\n";
        # Send off an e-mail about the captured event...
        my $DateTime = scalar(localtime());
        e_mail('[EMAIL PROTECTED]',   # recipient address
               "Event $EvtID was generated on $Computer on $DateTime",
               $Event->TargetInstance->{Message});
        print "Polling for new Security Events...\n";
    } # end if
} # end while
# send an e-mail warning
#---------------------------------------------------------
sub e_mail{
#---------------------------------------------------------
    my $recipient = shift;
    my $subject = shift;
    my $msgbody = shift;
    # Mail::Sender->new returns an error code rather than an object on failure,
    # so test the result with ref() instead of testing it for truth.
    my $Sender = Mail::Sender->new({from => "[EMAIL PROTECTED]",
                                    smtp => "mailhost.on.bell.ca"});
    ref($Sender) || die " - Error $Mail::Sender::Error: Unable to send message!\n";
    $Sender->Open({to => $recipient, subject => $subject, cc => $recipient});
    $Sender->Send($msgbody);
    $Sender->Close;
}
_______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
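
The "dump function" asked about above can be built on the Properties_ collection that every WMI object exposes. This is an added example, not part of the original post or the book's code; dump_wmi_object, %WatchedIds, %WatchedHosts and the host names are hypothetical, and it assumes the ComputerName property is the machine name to filter on.

```perl
use strict;
use warnings;
use Win32::OLE qw(in);

# Constructed filter values for illustration; replace with your own.
my %WatchedIds   = map { $_ => 1 } (529, 539, 681);            # IDs from the script above
my %WatchedHosts = map { lc($_) => 1 } ('DC01', 'FILESRV01');  # made-up host names

# Return one "Name: value" line for every property the WMI object has,
# without needing to know the property names in advance.
sub dump_wmi_object {
    my ($obj) = @_;
    my @lines;
    foreach my $prop (in $obj->Properties_) {
        my $value = $prop->{Value};
        if (ref $value eq 'ARRAY') {       # array properties such as InsertionStrings
            $value = join(' | ', map { defined $_ ? $_ : '' } @$value);
        }
        $value = '<null>' unless defined $value;
        push @lines, sprintf("%20s: %s", $prop->{Name}, $value);
    }
    return @lines;
}

# The (security) privilege is required to read the Security log.
my $wmi = Win32::OLE->GetObject('WinMgmts:{impersonationLevel=impersonate,(security)}')
    or die 'WMI connect failed: ' . Win32::OLE->LastError . "\n";
my $events = $wmi->ExecNotificationQuery(
      "SELECT * FROM __InstanceCreationEvent "
    . "WHERE TargetInstance ISA 'Win32_NTLogEvent' "
    . "AND TargetInstance.Logfile='Security'")
    or die 'Notification query failed: ' . Win32::OLE->LastError . "\n";

print "Polling for new Security Events...\n";
while (my $event = $events->NextEvent) {
    my $ti = $event->TargetInstance;
    next unless $WatchedIds{ $ti->{EventCode} };              # filter by event ID
    next unless $WatchedHosts{ lc $ti->{ComputerName} };      # filter by machine name
    print '-' x 75, "\n", join("\n", dump_wmi_object($ti)), "\n";
}
```

For a quick one-off look at a single event, `$ti->GetObjectText_()` returns the same properties as MOF text.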
