分类: WINDOWS

2008-07-07 17:00:16

    这个VBScript脚本的功能是:获取某台Windows机器从昨天至今的所有登录信息,并将结果通过邮件发送出来。

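'--------------------
' Filter the Security log
'--------------------
' Collects the logon events (intEventID) written to the Security log during the
' last intDayToCheck days and writes one summary record per event to strOutputFile.

' 528 is the successful-logon event on Windows 2000/XP/Server 2003. Windows Vista /
' Server 2008 and later record successful logons as 4624, with a different message layout.
intEventID = 528
intDayToCheck = 1
' NOTE(review): the report lists account names and logon details, and the root of C:
' is commonly readable by every local user - an ACL-restricted folder is a safer target.
strOutputFile = "c:\SecurityLog.txt"

strComputerName = "."
' WMI only exposes Security-log records when the Security privilege is enabled for
' the connection, so it is requested explicitly in the moniker.
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" & strComputerName & "\root\cimv2")

Set objFSO = CreateObject("Scripting.FileSystemobject")
' 2 = ForWriting, True = create the file if it does not exist (overwrites an old report).
Set objOutputFile = objFSO.OpenTextFile(strOutputFile,2,True)

' TimeWritten is compared as a DMTF datetime string, so build the cutoff with
' SWbemDateTime (Windows XP and later) instead of concatenating a locale-formatted date.
Set objCutoff = CreateObject("WbemScripting.SWbemDateTime")
objCutoff.SetVarDate DateAdd("d", -intDayToCheck, Now()), True

' Each fragment starts with a space so the clauses do not run together ("528And ...").
Set colLoggedEvents = objWMIService.ExecQuery _
 ("Select * from Win32_NTLogEvent Where LogFile='Security'" _
 & " And EventCode=" & CLng(intEventID) _
 & " And TimeWritten > '" & objCutoff.Value & "'")

strOutput = ""
For Each objEvent In colLoggedEvents

 ' Look up the account's full name. Reset it first so an event whose account cannot
 ' be resolved does not inherit the name found for the previous event.
 strUserFullName = ""
 If Not IsNull(objEvent.User) Then
  arrUserInfo = Split(objEvent.User,"\")
  ' Only "DOMAIN\name" values can be looked up; anything else is reported without a full name.
  If UBound(arrUserInfo) >= 1 Then
   strUserDomain = arrUserInfo(0)
   strUserName = arrUserInfo(1)
   ' The names come from log data, so escape single quotes before embedding them in WQL.
   Set colUsers = objWMIService.ExecQuery _
       ("Select * from Win32_UserAccount Where Domain = '" _
        & Replace(strUserDomain, "'", "\'") _
        & "' AND Name = '" & Replace(strUserName, "'", "\'") & "'")
   For Each objUser In colUsers
       strUserFullName = objUser.FullName
   Next
  End If
 End If

 ' Lines 8 and 28 of the message text are copied into the report.
 ' NOTE(review): these fixed positions depend on the event's message template (OS
 ' version and language) - confirm which fields they hold on the target system.
 strMsgLine8 = ""
 strMsgLine28 = ""
 If Not IsNull(objEvent.Message) Then
  MyArray = Split(objEvent.Message, vbCrlf)
  If UBound(MyArray) >= 8 Then strMsgLine8 = MyArray(8)
  If UBound(MyArray) >= 28 Then strMsgLine28 = MyArray(28)
 End If

 strOutput = strOutput _
  &"记录号: " &objEvent.RecordNumber &vbCrlf _
  &"时间: " &WMIDateToString(objEvent.TimeWritten) &vbCrlf _
  &"用户帐户: " &objEvent.User &vbCrlf _
  &"用户名称: " &strUserFullName &vbCrlf _
  &"计算机名: " &objEvent.ComputerName &vbCrlf _
  &strMsgLine8 &VbCrLf _
  &strMsgLine28 &VbCrLf &VbCrLf
Next
objOutputFile.WriteLine strOutput
objOutputFile.close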

'WScript.Echo "运行结束"

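'--------------------
' Send the report by e-mail
'--------------------
' Reads the report file and mails its content through an SMTP server using CDO.
Content = "c:\SecurityLog.txt"
Const ForReading = 1

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(Content, ForReading)
' ReadAll raises an error on a zero-length file, so test for end of stream first.
If objTextFile.AtEndOfStream Then
 ReadAllTextFile = ""
Else
 ReadAllTextFile = objTextFile.ReadAll
End If
' Release the file handle once the content is in memory.
objTextFile.Close

' CDO configuration field names are full URIs under this namespace. The published
' listing shows an empty string here, presumably stripped like the addresses below.
NameSpace = "http://schemas.microsoft.com/cdo/configuration/"
Set Email = CreateObject("CDO.Message")
' NOTE(review): the sender and recipient addresses were removed from the published
' listing; both must be set to real mailboxes before the script can send anything.
Email.From = "]"
Email.To = "]"
Email.Subject = "99.1.72.98昨日至今登录信息--" &now()
Email.Textbody = ReadAllTextFile

With Email.Configuration.Fields
.Item(NameSpace&"sendusing") = 2          ' 2 = send over the network to the SMTP server below
.Item(NameSpace&"smtpserver") = "99.1.72.230"
.Item(NameSpace&"smtpserverport") = 25
' 1 = basic authentication. NOTE(review): on plain port 25 the user name, password
' and the logon report travel unencrypted; if the server supports it, enable the
' "smtpusessl" field, and keep the relay on a trusted network segment.
.Item(NameSpace&"smtpauthenticate") = 1
.Item(NameSpace&"sendusername") = "winck"
' NOTE(review): a password stored in the script is readable by anyone who can read
' the file - restrict the script's ACL and use a mail-only, low-privilege account.
.Item(NameSpace&"sendpassword") = ""
.Update
End With
Email.Send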
'******************************************************************************
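Function WMIDateToString(dtmDate)
 ' Converts a WMI (DMTF) datetime string "yyyymmddHHMMSS..." into a VBScript Date.
 '
 ' dtmDate : the datetime string, e.g. Win32_NTLogEvent.TimeWritten.
 ' Returns : a Date built from the first 14 digits, or the string "N/A" when the
 '           value is Null, empty, shorter than 14 characters or not numeric.
 '
 ' Anything after the seconds (fraction and UTC offset) is ignored, so the result is
 ' the wall-clock time exactly as written in the string. When the Date is later
 ' concatenated into text it is formatted according to the machine's locale.
 If IsNull(dtmDate) Then
  WMIDateToString = "N/A"
 ElseIf Len(dtmDate) < 14 Then
  WMIDateToString = "N/A"
 ElseIf Not IsNumeric(Left(dtmDate, 14)) Then
  WMIDateToString = "N/A"
 Else
  ' DateSerial/TimeSerial take numeric parts, so the result does not depend on how the
  ' regional settings would parse an ambiguous "mm-dd-yyyy" string (as CDate does).
  WMIDateToString = DateSerial(CInt(Left(dtmDate, 4)), _
                               CInt(Mid(dtmDate, 5, 2)), _
                               CInt(Mid(dtmDate, 7, 2))) _
                  + TimeSerial(CInt(Mid(dtmDate, 9, 2)), _
                               CInt(Mid(dtmDate, 11, 2)), _
                               CInt(Mid(dtmDate, 13, 2)))
 End If
End Function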

    注:实际工作中,这个脚本已作废,因为采用了更科学的方式。


========================================================================
任何形式的转载,请写明出处:
email:
blog:    http://www.cublog.cn/u/739/
========================================================================
