This ought to do it for you...
my $WMI = Win32::OLE->new('WbemScripting.SWbemLocator');
# Add Privileges for reading the Security-log
$WMI->{Security_}->{Privileges}->AddAsString("SeSecurityPrivilege") if $WMI;
Scott Campbell
Senior Software Developer
Somix Technologies
http://www.somix.com
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Frank Blackwelder
Sent: Monday, September 20, 2004 1:11 PM
To: [EMAIL PROTECTED]
Subject: Security Event Log using WMI
Hello all,
I am working on a script to retrieve event log information from several
servers using WMI. I am able to read System and Application information
without any difficulty, but am unable to read any data from the security
log. After googling it seems the problem is with the security level under
which the script accesses WMI. On one of the pages I visited I found a vbs
script that does what I am attempting to do using perl. Unfortunately I am
having no success converting the script and I was hoping that someone would
point out my error.
The relevant section of the vbs script is:
Set EventSet = GetObject("winmgmts:{impersonationLevel=impersonate,(security)}"). _
    ExecQuery("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security'")
What I have so far for perl is:
#!/usr/bin/perl
use strict;
use warnings;
use Win32::OLE qw(in);
Win32::OLE->Option("Warn"=>3);

# OPTIONS
my $RECORDINFORMATION=1;
my $RECORDWARNINGS=1;
my $RECORDERRORS=1;
my $summaryFile='eventLogSummary.html';
my $logFile='eventLogSummary.log';
my $date=scalar(localtime());
my %htmlConfig;
$htmlConfig{date}="$date";
my $computer=shift || ".";

open (SUMMARY, '>', $summaryFile) or die "Could not open $summaryFile $!\n";
startHTML(\%htmlConfig);

# The moniker names no host, so the query runs against the local machine;
# $computer is only used as the report heading.
my $WMIService = Win32::OLE->GetObject("winmgmts:{impersonationLevel=impersonate,(security)}");
my $eventLog=$WMIService->ExecQuery("SELECT * FROM Win32_NTLogEvent WHERE Logfile ='Security'");
print SUMMARY "<h2 align=center>$computer</h2>\n";

foreach my $entry (in $eventLog){
    my @data;
    my @insertionData;
    my $flaggedMessage="";
    my $bgColor="";
    my $eventType=$entry->{Type};
    # Flag the entry and pick a cell colour according to its type
    if (lc($eventType) eq 'error' && $RECORDERRORS){
        $flaggedMessage='1';
        $bgColor='red';
    }
    elsif (lc($eventType) eq 'warning' && $RECORDWARNINGS){
        $flaggedMessage='1';
        $bgColor='yellow';
    }
    elsif (lc($eventType) eq 'information' && $RECORDINFORMATION){
        $flaggedMessage='1';
        $bgColor='grey';
    }
    else {
        $flaggedMessage='0';
    }
    if ($flaggedMessage){
        print SUMMARY "<table border=1 cellpadding=2 cellspacing=2 width='600'>\n";
        print SUMMARY "<tr><td>Type:</td>\n";
        $eventType=uc($eventType);
        print SUMMARY "<td bgColor=$bgColor>$eventType</td>\n";
        print SUMMARY "<td>Logfile:</td>\n";
        print SUMMARY "<td>$entry->{Logfile}</td></tr>\n";
        print SUMMARY "<tr><td>ComputerName:</td>\n";
        print SUMMARY "<td>$entry->{ComputerName}</td>\n";
        print SUMMARY "<td>User:</td>\n";
        print SUMMARY "<td>$entry->{User}</td></tr>\n";
        print SUMMARY "<tr><td>EventCode:</td>\n";
        print SUMMARY "<td>$entry->{EventCode}</td>\n";
        my $eventID = $entry->{EventIdentifier};
        # the eventid must be anded with 0xffff to
        # display the true event id as reported by
        # event viewer
        $eventID = $eventID & 0xffff;
        print SUMMARY "<td>EventIdentifier:</td>\n";
        print SUMMARY "<td>$eventID</td></tr>";
        print SUMMARY "<tr><td>RecordNumber:</td>\n";
        print SUMMARY "<td>$entry->{RecordNumber}</td>\n";
        print SUMMARY "<td>SourceName: </td>\n";
        print SUMMARY "<td>$entry->{SourceName}</td></tr>\n";
        my $timeGenerated=WMIDate($entry->{TimeGenerated});
        print SUMMARY "<tr><td>TimeGenerated:</td>\n";
        print SUMMARY "<td>$timeGenerated</td>\n";
        my $timeWritten=WMIDate($entry->{TimeWritten});
        print SUMMARY "<td>TimeWritten:</td>\n";
        print SUMMARY "<td>$timeWritten</td></tr>\n";
        print SUMMARY "<tr><td>Message:</td>\n";
        print SUMMARY "<td colspan=3>$entry->{Message}</td></tr>\n";
        if ($entry->{InsertionStrings}){
            # InsertionStrings comes back as an array reference
            my $insertionArray=$entry->{InsertionStrings};
            @insertionData=@$insertionArray;
            print SUMMARY "<tr><td>InsertionStrings:</td>\n";
            print SUMMARY "<td colspan=3>@insertionData</td></tr>\n";
        }
        print SUMMARY "</table>\n";
        print SUMMARY "<BR><BR>\n";
    }
}
# Close the document once, after every entry has been written
endHTML();
close SUMMARY;

###########################
# convert a WMI datetime string (yyyymmddHHMMSS...) into
# a readable date and time
sub WMIDate{
    my $value=shift;
    chomp $value;
    my $date=substr($value,4,2)."/".substr($value,6,2)."/".substr($value,0,4);
    my $time=substr($value,8,2).":".substr($value,10,2).":".substr($value,12,2);
    my $retValue="Date: $date, Time: $time";
    return $retValue;
}
###########################
# print expected html header information to
# static File
sub startHTML{
    my $config=shift;
    print SUMMARY "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'>";
    print SUMMARY "<html>\n<head>\n";
    print SUMMARY "<title>Event Log Summary for $$config{date}</title>\n";
    print SUMMARY "</head>\n<body>\n"
}
############################
# print expected html footer
sub endHTML{
    print SUMMARY " </body> </html>\n"
}
Any help you could offer would be greatly appreciated.
Frank Blackwelder
_______________________________________________
Perl-Win32-Admin mailing list [EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
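Added example, not code from either poster: the reply's suggestion carried through to a working query. It sets the impersonation level and SeSecurityPrivilege on the SWbemLocator before ConnectServer and HTML-escapes log fields on output. It assumes the account already holds the "Manage auditing and security log" right; html_escape is a helper introduced here.

```perl
#!/usr/bin/perl
# Added example: read the Security log over WMI with SeSecurityPrivilege enabled.
use strict;
use warnings;
use Win32::OLE qw(in);

my $computer = shift || '.';

my $locator = Win32::OLE->new('WbemScripting.SWbemLocator')
    or die 'Cannot create SWbemLocator: ' . Win32::OLE->LastError() . "\n";

# Security settings must be in place before ConnectServer is called.
$locator->{Security_}->{ImpersonationLevel} = 3;    # wbemImpersonationLevelImpersonate
$locator->{Security_}->{Privileges}->AddAsString('SeSecurityPrivilege', 1);

my $wmi = $locator->ConnectServer($computer, 'root\cimv2')
    or die "Cannot connect to $computer: " . Win32::OLE->LastError() . "\n";

# 48 = wbemFlagReturnImmediately | wbemFlagForwardOnly (stream, do not cache)
my $events = $wmi->ExecQuery(
    "SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security'", 'WQL', 48)
    or die 'Query failed: ' . Win32::OLE->LastError() . "\n";

# Log fields are untrusted input: escape them before they reach an HTML report.
sub html_escape {
    my $text = shift;
    $text = '' unless defined $text;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

foreach my $entry (in $events) {
    my $id = $entry->{EventIdentifier} & 0xffff;    # low word = ID shown in Event Viewer
    # TimeGenerated is a CIM datetime string: yyyymmddHHMMSS.mmmmmm+UUU
    my ($y, $mo, $d, $h, $mi, $s) =
        ($entry->{TimeGenerated} || '') =~ /^(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)/
        or next;
    my @strings = @{ $entry->{InsertionStrings} || [] };
    printf "<tr><td>%s-%s-%s %s:%s:%s</td><td>%d</td><td>%s</td><td>%s</td></tr>\n",
        $y, $mo, $d, $h, $mi, $s, $id,
        html_escape($entry->{Type}), html_escape(join ' | ', @strings);
}
```

Security log entries carry audit success or audit failure types rather than error, warning or information, so a report that keeps only those three types would skip them even once the privilege is enabled.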