Extracting the Security event log in VBScript returns no values

Question  Votes: 0  Answers: 1

Below is one of the pieces of code I tried in order to extract information from the Windows event log files:

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security)}!\\" & "." & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent where LogFile='Application'")
WScript.Echo "Application Log Count:" & colEvents.count
Set colEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent where LogFile='System'")
WScript.Echo "System Log Count:" & colEvents.count
Set colEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent where LogFile='Security'")
WScript.Echo "Security Log Count:" & colEvents.count

My problem is that this can only access the "Application" and "System" log files, not the "Security" log file. Even if I use this set of code:

Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate,(Security)}!\\" & "." & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile")
For Each objLogFile in colLogFiles
    Wscript.Echo objLogFile.name
Next

Output:

C:\Windows\System32\Winevt\Logs\Application.evtx
C:\Windows\System32\Winevt\Logs\HardwareEvents.evtx
C:\Windows\System32\Winevt\Logs\Internet Explorer.evtx
C:\Windows\System32\Winevt\Logs\Key Management Service.evtx
C:\Windows\System32\Winevt\Logs\Lenovo-Customer Feedback.evtx
C:\Windows\System32\Winevt\Logs\OAlerts.evtx
C:\Windows\System32\Winevt\Logs\PreEmptive.evtx
C:\Windows\System32\Winevt\Logs\Reason.evtx
C:\Windows\System32\Winevt\Logs\System.evtx
C:\Windows\System32\Winevt\Logs\Windows PowerShell.evtx

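The Security file is still not included. I am using a Windows 10 machine. I have tried all the other WMI code, but I still cannot access the Security log file. My security events can be viewed in Event Viewer and there are thousands of records.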

windows vbscript wmi
1 Answer
0
votes

I use this code

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
 & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
 ("SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security'")
For Each objEvent in colLoggedEvents
    Wscript.Echo "Category: " & objEvent.Category
    Wscript.Echo "Computer Name: " & objEvent.ComputerName
    Wscript.Echo "Event Code: " & objEvent.EventCode
    Wscript.Echo "Message: " & objEvent.Message
    ' Win32_NTLogEvent has no IpAddress property; this line prints Message again
    Wscript.Echo "IpAddress: " & objEvent.Message
    Wscript.Echo "Record Number: " & objEvent.RecordNumber
    Wscript.Echo "Source Name: " & objEvent.SourceName
    Wscript.Echo "Time Written: " & objEvent.TimeWritten
    Wscript.Echo "Event Type: " & objEvent.Type
    Wscript.Echo "User: " & objEvent.User
Next
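
The symptom in the question (Application and System counts work, Security returns nothing) is what a non-elevated process typically sees, because reading the Security log through WMI needs SeSecurityPrivilege, which UAC normally filters out of a standard token. The following added example, which is not code from the question or the answer, checks the integrity level first and reports the WMI error instead of silently printing an empty count; the helper names IsElevated and CountEvents and the use of whoami /groups are assumptions of this example.

```vbscript
' Added example (not from the thread). Run with: cscript //nologo script.vbs
Option Explicit
Const HIGH_INTEGRITY_SID        = "S-1-16-12288"  ' High Mandatory Level (elevated)
Const SYSTEM_INTEGRITY_SID      = "S-1-16-16384"  ' System Mandatory Level
Const WBEM_E_ACCESS_DENIED      = &H80041003
Const WBEM_E_PRIVILEGE_NOT_HELD = &H80041062

' True when the current token runs at high or system integrity (hypothetical helper).
Function IsElevated()
    Dim proc, output
    Set proc = CreateObject("WScript.Shell").Exec("whoami /groups")
    output = proc.StdOut.ReadAll()
    IsElevated = (InStr(output, HIGH_INTEGRITY_SID) > 0) Or _
                 (InStr(output, SYSTEM_INTEGRITY_SID) > 0)
End Function

' Counts events in one log; returns -1 and reports the WMI error on failure.
Function CountEvents(service, logName)
    Dim events, n
    CountEvents = -1
    On Error Resume Next
    Set events = service.ExecQuery( _
        "Select * from Win32_NTLogEvent where LogFile='" & logName & "'")
    If Err.Number = 0 Then n = events.Count  ' semi-synchronous: errors surface here
    If Err.Number = 0 Then
        CountEvents = n
    ElseIf Err.Number = WBEM_E_ACCESS_DENIED Or Err.Number = WBEM_E_PRIVILEGE_NOT_HELD Then
        WScript.Echo logName & ": access denied (0x" & Hex(Err.Number) & ")"
    Else
        WScript.Echo logName & ": WMI error 0x" & Hex(Err.Number) & " " & Err.Description
    End If
    On Error GoTo 0
End Function

Dim svc, logName
If Not IsElevated() Then
    WScript.Echo "Not elevated: SeSecurityPrivilege is normally missing from this " & _
                 "token, so the Security query is expected to fail or come back empty."
End If
' Same moniker as in the question: (Security) asks WMI to enable SeSecurityPrivilege.
Set svc = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2")
For Each logName In Array("Application", "System", "Security")
    WScript.Echo logName & " Log Count: " & CountEvents(svc, logName)
Next
```

Started from an elevated command prompt, the same script should report a Security count; counting every record with `.Count` can be slow on a large log, so narrow the WHERE clause for routine use.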