OK, I have the username and password of the local machine. I am a beginner in Python.
This is my code. The "server" argument takes only
an IP, and when I try to run the code I don't know
how I have to authenticate the connection.
Thanks.
# python C:\python\5_Forensic_Basic\eventlog.py
# Windows Event Log Viewer
# FB - 201012116
import win32evtlog  # requires pywin32 pre-installed

server = '192.168.1.10'  # name of the target computer to get event logs
logtype = 'System'  # 'Application' # 'Security'


def main():
    try:
        # The log is opened with the identity of the user running the script
        hand = win32evtlog.OpenEventLog(server, logtype)
        flags = (win32evtlog.EVENTLOG_BACKWARDS_READ |
                 win32evtlog.EVENTLOG_SEQUENTIAL_READ)
        total = win32evtlog.GetNumberOfEventLogRecords(hand)
        print('Total records:', total)
        while True:
            events = win32evtlog.ReadEventLog(hand, flags, 0)
            if not events:
                break  # no more records; without this the loop never ends
            for event in events:
                print('Event Category:', event.EventCategory)
                print('Time Generated:', event.TimeGenerated)
                print('Source Name:', event.SourceName)
                print('Event ID:', event.EventID)
                print('Event Type:', event.EventType)
                data = event.StringInserts
                if data:
                    print('Event Data:')
                    for msg in data:
                        print(msg)
                print()
        win32evtlog.CloseEventLog(hand)
    except Exception as err:
        print("Exception")
        print(str(err))


if __name__ == "__main__":
    print("start")
    main()
Ruggero Paolo Basile
________________________________
From: python-win32 <[email protected]>
on behalf of Tim Roberts <[email protected]>
Sent: Thursday, 16 September 2021 03:17:56
To: [email protected]
Subject: Re: [python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is
denied.')
Ruggero Paolo Basile wrote:
>
> Good morning, I am trying to connect to a remote host and get the event log
> from Windows, but in the
> module I can't find a value for authentication.
> Do you have any news?
>
> This is my error: "pywintypes.error: (5, 'OpenEventLogW', 'Access is
> denied.')"
To do that operation, your username has to have permission on that
remote machine. Are you using a domain? Are you logged in as a domain
administrator?
This article talks about it, but since Windows security is a vast, dark,
confusing, twisted mess, I'm not sure you'll be able to make it work.
https://docs.microsoft.com/en-us/archive/blogs/janelewis/giving-non-administrators-permission-to-read-event-logs-windows-2003-and-windows-2008
If you bring up the Event Viewer application ("eventvwr"), under Action,
there's a "Connect to Another Computer" option. Does that work for you?
--
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.
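
Added example (not part of either message and not pywin32's own code): OpenEventLog takes no credential argument and runs under the calling thread's identity, so one way to supply a username and password is to impersonate a LogonUser token of type LOGON32_LOGON_NEW_CREDENTIALS around the call. The helper names are hypothetical, and it assumes the account is allowed to read the log on the remote machine.

```python
# Added example; helper names are hypothetical, pywin32 calls are real.
from contextlib import contextmanager

LOGON32_LOGON_NEW_CREDENTIALS = 9  # winbase.h: credentials used only for outbound connections
LOGON32_PROVIDER_WINNT50 = 3       # winbase.h: provider required for that logon type

def split_account(account, server):
    """Return (user, domain) for 'DOMAIN\\user', 'user@domain' or a bare local name."""
    if "\\" in account:
        domain, user = account.split("\\", 1)
        return user, domain
    if "@" in account:
        return account, None       # UPN form: the domain argument stays empty
    return account, server         # assumption: local account defined on the remote machine

def display_event_id(raw_event_id):
    """EventID carries severity/facility bits; Event Viewer shows the low 16 bits."""
    return raw_event_id & 0xFFFF

@contextmanager
def impersonate(account, password, server):
    import win32security           # pywin32, Windows only; imported lazily
    user, domain = split_account(account, server)
    token = win32security.LogonUser(user, domain, password,
                                    LOGON32_LOGON_NEW_CREDENTIALS,
                                    LOGON32_PROVIDER_WINNT50)
    try:
        win32security.ImpersonateLoggedOnUser(token)
        yield
    finally:
        win32security.RevertToSelf()  # always drop the borrowed identity
        token.Close()

def read_remote_log(server, logtype, account, password, limit=20):
    import win32evtlog
    flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
    rows = []
    with impersonate(account, password, server):
        hand = win32evtlog.OpenEventLog(server, logtype)
        try:
            while len(rows) < limit:
                events = win32evtlog.ReadEventLog(hand, flags, 0)
                if not events:
                    break          # end of log
                rows += [(e.TimeGenerated, e.SourceName, display_event_id(e.EventID))
                         for e in events]
        finally:
            win32evtlog.CloseEventLog(hand)
    return rows[:limit]
```

A NEW_CREDENTIALS logon does not validate the password locally, so a wrong password surfaces as an error from OpenEventLog rather than from LogonUser.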