
星瞳——吾爱

本BLOG的技术类文章,未注明转贴,都是原创。放在“原创”文件夹的肯定是原创;其它文件夹的有些文章因部分文字是网上各处摘录的,故未放在“原创”文件夹中。 我的另一BLOG是 http://www.aixchina.net/?1865
WINDOWS平台实现筛选安全日志和发送邮件

    这个VBSCRIPT实现的功能是获取某WINDOWS机器昨天至今的登录成功记录(安全日志中事件ID为528的事件),并将结果通过邮件发送出来。

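'--------------------
' Filter the Security event log
'--------------------
' Collects every Security-log record with event code intEventID written in the
' last intDayToCheck days and writes one text record per event to strOutputFile.
' NOTE(review): event ID 528 is the successful-logon event on Windows XP/2003;
' Windows Vista/2008 and later record successful logons as 4624, so the ID must
' match the audited OS. Failed logons are separate event IDs and are not covered.
' NOTE(review): the report holds account names and logon details and is written
' to the root of C:. Confirm the file ACL limits read access to administrators.

intEventID = 528
intDayToCheck = 1
strOutputFile = "c:\SecurityLog.txt"

strComputerName = "."
' The (Security) privilege has to be requested in the moniker; without it WMI
' does not return records from the Security log.
Set objWMIService = GetObject("winmgmts:" _
 & "{impersonationLevel=impersonate,(Security)}!\\" & strComputerName & "\root\cimv2")

Set objFSO = CreateObject("Scripting.FileSystemobject")
' 2 = ForWriting, True = create the file when it does not exist.
Set objOutputFile = objFSO.OpenTextFile(strOutputFile,2,True)

' WQL compares TimeWritten against a DMTF datetime string, not a locale-formatted
' date, so the cutoff is converted with SWbemDateTime instead of concatenating Now().
Set objCutoff = CreateObject("WbemScripting.SWbemDateTime")
objCutoff.SetVarDate Now() - intDayToCheck, True

' Each fragment starts with a space so the keywords are not glued to the
' preceding value (the original produced "EventCode=528And TimeWritten").
Set colLoggedEvents = objWMIService.ExecQuery _
 ("Select * from Win32_NTLogEvent Where LogFile='Security'" _
 & " And EventCode=" & intEventID _
 & " And TimeWritten > '" & objCutoff.Value & "'")

For Each objEvent In colLoggedEvents

 ' Reset per event so a failed lookup does not reuse the previous user's name.
 strUserFullName = ""
 strEventUser = ""
 If Not IsNull(objEvent.User) Then strEventUser = objEvent.User

 'Get user account's full name
 arrUserInfo = Split(strEventUser, "\")
 If UBound(arrUserInfo) >= 1 Then
  ' Account names come from the log and may contain quotes or backslashes.
  ' Both are escaped so they cannot alter the WQL statement.
  strUserDomain = Replace(Replace(arrUserInfo(0), "\", "\\"), "'", "\'")
  strUserName = Replace(Replace(arrUserInfo(1), "\", "\\"), "'", "\'")
  Set colUsers = objWMIService.ExecQuery _
      ("Select * from Win32_UserAccount Where Domain = '" & strUserDomain _
       & "' AND Name = '" & strUserName & "'")
  For Each objUser In colUsers
      strUserFullName = objUser.FullName
  Next
 End If

 ' Lines 8 and 28 of the message text are copied into the report.
 ' NOTE(review): presumably the logon type and source address lines of a 528
 ' message. Confirm against the message layout on the audited OS.
 strDetailA = ""
 strDetailB = ""
 If Not IsNull(objEvent.Message) Then
  MyArray = Split(objEvent.Message, vbCrLf)
  If UBound(MyArray) >= 8 Then strDetailA = MyArray(8)
  If UBound(MyArray) >= 28 Then strDetailB = MyArray(28)
 End If

 ' Write each record directly instead of growing one large string in memory.
 objOutputFile.Write "记录号: " & objEvent.RecordNumber & vbCrLf _
  & "时间: " & WMIDateToString(objEvent.TimeWritten) & vbCrLf _
  & "用户帐户: " & strEventUser & vbCrLf _
  & "用户名称: " & strUserFullName & vbCrLf _
  & "计算机名: " & objEvent.ComputerName & vbCrLf _
  & strDetailA & vbCrLf _
  & strDetailB & vbCrLf & vbCrLf
Next
' Trailing line break, matching the original single WriteLine of the whole report.
objOutputFile.WriteLine
objOutputFile.Close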

'WScript.Echo "运行结束"

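'--------------------
' Send the report by e-mail
'--------------------
' Reads the report file and mails its content as the message body through CDO.
' NOTE(review): the message goes to port 25 with basic authentication and no
' transport encryption, so the credentials and the logon report cross the network
' in clear text. Use this only on a trusted management segment, or enable the CDO
' "smtpusessl" field if the relay supports it.
' NOTE(review): the account name and an empty password are hard-coded here.
' Prefer a dedicated relay account whose secret is not stored in the script.
Content = "c:\SecurityLog.txt"
Const ForReading = 1

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(Content, ForReading)
' ReadAll raises "Input past end of file" on an empty file, so guard for it.
If objTextFile.AtEndOfStream Then
 ReadAllTextFile = ""
Else
 ReadAllTextFile = objTextFile.ReadAll
End If
' Release the handle so the report file is not left open until the script exits.
objTextFile.Close

NameSpace = "http://schemas.microsoft.com/cdo/configuration/"
Set Email = CreateObject("CDO.Message")
Email.From = "mawentao@[99.1.72.98]"
Email.To = "winck@[99.1.72.230]"
Email.Subject = "99.1.72.98昨日至今登录信息--" &now()
Email.Textbody = ReadAllTextFile

With Email.Configuration.Fields
 ' 2 = send over the network to the SMTP server named below (not a local pickup directory).
 .Item(NameSpace&"sendusing") = 2
 .Item(NameSpace&"smtpserver") = "99.1.72.230"
 .Item(NameSpace&"smtpserverport") = 25
 ' 1 = basic (clear-text) authentication.
 .Item(NameSpace&"smtpauthenticate") = 1
 .Item(NameSpace&"sendusername") = "winck"
 .Item(NameSpace&"sendpassword") = ""
 .Update
End With
Email.Send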
'******************************************************************************
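Function WMIDateToString(dtmDate)
 ' Converts a WMI (DMTF) datetime string, "yyyymmddHHMMSS.ffffff+UUU", into a
 ' VBScript Date built from its first 14 characters.
 '
 ' dtmDate: the WMI datetime string; may be Null or empty.
 ' Returns: a Date value, or the string "N/A" when the input is Null, empty,
 '          shorter than 14 characters, or not numeric in those positions.
 '
 ' The UTC-offset suffix is not applied, so the result is the clock time exactly
 ' as it appears in the string.
 ' The value is assembled with DateSerial/TimeSerial rather than CDate on an
 ' "mm-dd-yyyy" string, because CDate parses according to the regional settings
 ' and may swap day and month, or fail, on non-US locales.
 WMIDateToString = "N/A"
 If IsNull(dtmDate) Then Exit Function
 If Len(dtmDate) < 14 Then Exit Function
 If Not IsNumeric(Left(dtmDate, 14)) Then Exit Function

 WMIDateToString = DateSerial(CInt(Left(dtmDate, 4)), _
                              CInt(Mid(dtmDate, 5, 2)), _
                              CInt(Mid(dtmDate, 7, 2))) _
                 + TimeSerial(CInt(Mid(dtmDate, 9, 2)), _
                              CInt(Mid(dtmDate, 11, 2)), _
                              CInt(Mid(dtmDate, 13, 2)))
End Function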

    注:实际工作中,这个脚本已作废,因为采用了更科学的方式。


========================================================================
任何形式的转载,请写明出处:
email: beginner@yeah.net
blog: http://www.aixchina.net/?1865   http://www.cublog.cn/u/739/
========================================================================

发表于: 2008-07-07,修改于: 2008-07-07 17:00,已浏览97次,有评论0条 推荐 投诉
