  1. #1
    Join Date
    Dec 2007
    Posts
    1

    Unanswered: security logs empty (was "Please help, very easy question but I'm at my wits end")

    I'm trying to pull security logs by running the script below on my local machine and pulling the security logs from our servers on the network; I run it once for every server. Two weeks ago, the script worked flawlessly. Now, it will run, but the output fields are empty? Can someone please explain what is wrong or what I'm doing wrong with the code? I'm so disgusted right now with the entire thing. Anyone with any decent amount of experience should be able to tell what is wrong. I'm a complete noob at this, so it's probably something stupid. Thanks SO MUCH in advance. :(

    Code:
    On Error Resume Next
    
    Const wbemFlagReturnImmediately = &h10
    Const wbemFlagForwardOnly = &h20
    
    arrComputers = Array("%server names%")
    For Each strComputer In arrComputers
       WScript.Echo
       WScript.Echo "=========================================="
       WScript.Echo "Computer: " & strComputer
       WScript.Echo "=========================================="
    
       Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
       Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'SECURITY'", "WQL", _
                                              wbemFlagReturnImmediately + wbemFlagForwardOnly)
    
       For Each objItem In colItems
          WScript.Echo "Category: " & objItem.Category
          strData = Join(objItem.Data, ",")
             WScript.Echo "Data: " & strData
          WScript.Echo "EventCode: " & objItem.EventCode
          WScript.Echo "EventIdentifier: " & objItem.EventIdentifier
          WScript.Echo "EventType: " & objItem.EventType
          strInsertionStrings = Join(objItem.InsertionStrings, ",")
             WScript.Echo "InsertionStrings: " & strInsertionStrings
          WScript.Echo "Logfile: " & objItem.Logfile
          WScript.Echo "Message: " & objItem.Message
          WScript.Echo "RecordNumber: " & objItem.RecordNumber
          WScript.Echo "SourceName: " & objItem.SourceName
          WScript.Echo "TimeGenerated: " & WMIDateStringToDate(objItem.TimeGenerated)
          WScript.Echo "TimeWritten: " & WMIDateStringToDate(objItem.TimeWritten)
          WScript.Echo "Type: " & objItem.Type
          WScript.Echo "User: " & objItem.User
          WScript.Echo "------------------ "
          WScript.Echo "------------------"
          WScript.Echo
       Next
    Next
    
    
    Function WMIDateStringToDate(dtmDate)
    WScript.Echo dtm: 
    	WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) & "/" & _
    	Mid(dtmDate, 7, 2) & "/" & Left(dtmDate, 4) _
    	& " " & Mid (dtmDate, 9, 2) & ":" & Mid(dtmDate, 11, 2) & ":" & Mid(dtmDate,13, 2))
    End Function
    Last edited by loquin; 01-01-08 at 14:02. Reason: add [code] [/code] tags for readability

  2. #2
    Join Date
    Dec 2007
    Posts
    1
    I don't know, but for starters I would remove the "On Error Resume Next". Sometimes the bug would throw an error, but is hidden by the handler.
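
Reply #2's suggestion, shown as an added example that is not part of the original thread: the same query with `On Error Resume Next` kept but `Err` tested after each WMI call, so a failed connection or query is reported rather than silently skipped. The server name is a placeholder, and the `(Security)` privilege in the moniker is an assumption added here; the thread does not identify the cause.

```vbscript
Option Explicit
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20

Dim strComputer
For Each strComputer In Array("SERVER01")   ' placeholder server name
    DumpSecurityLog strComputer
Next

Sub DumpSecurityLog(strComputer)
    Dim objWMIService, colItems, objItem, lngCount
    On Error Resume Next   ' kept, but Err is tested after every call that can fail

    ' (Security) enables SeSecurityPrivilege for this connection (assumption added here).
    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & _
                                  strComputer & "\root\CIMV2")
    If Err.Number <> 0 Then
        Report strComputer, "connect", Err.Number, Err.Description
        Exit Sub
    End If

    Set colItems = objWMIService.ExecQuery( _
        "SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'SECURITY'", "WQL", _
        wbemFlagReturnImmediately + wbemFlagForwardOnly)
    If Err.Number <> 0 Then
        Report strComputer, "query", Err.Number, Err.Description
        Exit Sub
    End If

    lngCount = 0
    For Each objItem In colItems
        ' A semi-synchronous query reports failures during enumeration, so test here too.
        If Err.Number <> 0 Then
            Report strComputer, "enumerate", Err.Number, Err.Description
            Exit Sub
        End If
        lngCount = lngCount + 1
        WScript.Echo objItem.RecordNumber & " " & objItem.EventCode & " " & objItem.SourceName
        ' Join fails on Null, so only call it when the property holds an array.
        If IsArray(objItem.InsertionStrings) Then
            WScript.Echo "  InsertionStrings: " & Join(objItem.InsertionStrings, ",")
        End If
    Next
    If Err.Number <> 0 Then Report strComputer, "enumerate", Err.Number, Err.Description
    WScript.Echo strComputer & ": " & lngCount & " event(s) read"
End Sub

Sub Report(strComputer, strStep, lngNumber, strDescription)
    WScript.Echo strComputer & ": " & strStep & " failed, 0x" & Hex(lngNumber) & " " & strDescription
End Sub
```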

  3. #3
    Join Date
    Jun 2004
    Location
    Arizona, USA
    Posts
    1,848
    What's changed in the last two weeks? (O/S updates? New Apps? Code Changes?)
    Lou
    To astonish
    "Lisa, in this house, we obey the laws of thermodynamics!" - Homer Simpson
    "I have my standards. They may be low, but I have them!" - Bette Midler
    "It's a book about a Spanish guy named Manual. You should read it." - Dilbert