Rob
Hello,
Does anyone know of or have a cross reference for the Security log
numeric Category and Type field codes that are shown in the output of
dumpel? When viewing the Security log with Event Viewer, the Category
and Type fields are displayed with text. dumpel just shows a numeric
value. An example difference would be, Type field shows "8" in dumpel
and "Security Audit" in Event Viewer.
I've written this batch and vb script to dump the Security log during
boot time. Having the cross reference would make this much easier to
interpret.
If you're interested in performing similar logging you can get dumpel
from Microsoft's website:
download.microsoft.com/download/win2000platform/WebPacks/1.00.0.1/NT5/EN-US/Dumpel.exe
Thanks in Advance!
Rob Ramsey
-------------------------------------
c:\win_make_log.bat
-------------------------------------
@echo on
:: set variables
set tdtd=none
set ttrn=none
:: get the date and time and then combine into single variable
:: tdtd = the three date fields printed by "date /t", joined with underscores
for /F "tokens=2-4 delims=/ " %%i in ('date /t') do set tdtd=%%i_%%j_%%k
:: ttrn = hours and minutes from the "current time" line printed by "time"
for /F "tokens=5-8 delims=:. " %%i in ('echo.^| time ^| find "current"') do set ttrn=_%%i%%j
set tufn=security_%tdtd%%ttrn%.log
:: now create the file
"c:\Program Files\Resource Kit\dumpel.exe" -l security -f c:\security_log\%tufn%
:: clear security event log
c:\i386\cscript.exe clear_security_log.vbs
:EOF
-------------------------------------
c:\clear_security_log.vbs
-------------------------------------
' connect to WMI on the local computer with the Backup and Security privileges
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & _
    "{impersonationlevel=impersonate, (Backup, Security)}!\\" & _
    strComputer & "\root\cimv2")
' select the Security event log file
Set colLogFiles = objWMIService.ExecQuery( _
    "SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='Security'")
' clear each matching log
For Each objLogFile in colLogFiles
    objLogFile.ClearEventLog()
Next
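
An added example, not part of the original post and not Microsoft's code: a Python filter that replaces the numeric Type and Category columns of a dumpel Security log dump with text. The Type values are the Win32 EVENTLOG_* constants and the Category values are the audit categories of the Security source on Windows 2000/XP/2003; the tab separator, the column positions and the sample lines are assumptions constructed for illustration.

```python
# Type values: Win32 EVENTLOG_* constants from winnt.h.
EVENT_TYPES = {
    0: "Success", 1: "Error", 2: "Warning", 4: "Information",
    8: "Success Audit", 16: "Failure Audit",
}
# Category values: audit categories of the Security source (Windows 2000/XP/2003).
SECURITY_CATEGORIES = {
    1: "System Event", 2: "Logon/Logoff", 3: "Object Access",
    4: "Privilege Use", 5: "Detailed Tracking", 6: "Policy Change",
    7: "Account Management", 8: "Directory Service Access", 9: "Account Logon",
}

def label(table, raw):
    """Return the text for a numeric code; unknown values stay visible."""
    try:
        return table[int(raw)]
    except (ValueError, KeyError):
        return "Unknown(%s)" % raw

def translate(lines, type_col=2, category_col=3, delimiter="\t"):
    """Yield each line as a list of fields with Type and Category as text.

    type_col, category_col and delimiter are assumptions about the dump
    layout; adjust them to match the file dumpel actually wrote.
    """
    for line in lines:
        row = line.rstrip("\r\n").split(delimiter)
        if len(row) > max(type_col, category_col):
            row[type_col] = label(EVENT_TYPES, row[type_col])
            row[category_col] = label(SECURITY_CATEGORIES, row[category_col])
        yield row  # lines with too few fields pass through unchanged

# Constructed sample lines (not real log data), tab-separated.
# The third line uses a made-up category 99 to show the unknown-code path.
SAMPLE = [
    "1/2/2006\t8:15:02 AM\t8\t2\t528\tSecurity\tDOMAIN\\user1\tHOST1\tSuccessful Logon",
    "1/2/2006\t8:15:09 AM\t16\t2\t529\tSecurity\tNT AUTHORITY\\SYSTEM\tHOST1\tLogon Failure",
    "1/2/2006\t8:16:40 AM\t8\t99\t517\tSecurity\tNT AUTHORITY\\SYSTEM\tHOST1\tAudit log cleared",
]

if __name__ == "__main__":
    for row in translate(SAMPLE):
        print("\t".join(row))
```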