Security Log Category and Type Codes (using dumpel)



Hello,

Does anyone know of or have a cross reference for the Security log
numeric Category and Type field codes that are shown in the output of
dumpel? When viewing the Security log with Event Viewer, the Category
and Type fields are displayed with text. dumpel just shows a numeric
value. An example difference would be, Type field shows "8" in dumpel
and "Security Audit" in Event Viewer.


I've written this batch and vb script to dump the Security log during
boot time. Having the cross reference would make this much easier to
interpret.


If you're interested in performing similar logging you can get dumpel
from Microsoft's website:


download.microsoft.com/download/win2000platform/WebPacks/1.00.0.1/NT5/EN-US/Dumpel.exe


Thanks in Advance!


Rob Ramsey


-------------------------------------
c:\win_make_log.bat
-------------------------------------


@echo on

:: set variables
set tdtd=none
set ttrn=none

:: get the date and time and then combine into single variable
:: tdtd = month_day_year taken from "date /t", ttrn = _hourminute taken from "time"
for /F "tokens=2-4 delims=/ " %%i in ('date /t') do set tdtd=%%i_%%j_%%k
for /F "tokens=5-8 delims=:. " %%i in ('echo.^| time ^| find "current"') do set ttrn=_%%i%%j
set tufn=security_%tdtd%%ttrn%.log

:: now create the file
"c:\Program Files\Resource Kit\dumpel.exe" -l security -f c:\security_log\%tufn%

:: clear security event log
:: (full path to the script, so the call does not depend on the current directory at boot)
c:\i386\cscript.exe c:\clear_security_log.vbs

:EOF


-------------------------------------
c:\clear_security_log.vbs
-------------------------------------


' Connect to WMI on the local computer with the Backup and Security privileges enabled
strComputer = "."

Set objWMIService = GetObject("winmgmts:" & _
    "{impersonationlevel=impersonate, (Backup, Security)}!\\" & _
    strComputer & "\root\cimv2")

' Select the Security event log
Set colLogFiles = objWMIService.ExecQuery( _
    "SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='Security'")

' Clear it
For Each objLogFile In colLogFiles
    objLogFile.ClearEventLog()
Next
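
Added example, not part of the original post: a variant of the clear script that clears the Security log only after confirming the dumpel output file exists and is not empty, and that reports the return code of ClearEventLog. The script name clear_security_log_checked.vbs and its single command-line argument are assumptions made for this example.

```vbscript
' Added example (not the poster's code).
' Hypothetical name: c:\clear_security_log_checked.vbs
' Argument 1: full path of the file dumpel has just written.
Option Explicit

Dim strDump, objFSO, objWMIService, colLogFiles, objLogFile, lngResult

If WScript.Arguments.Count <> 1 Then
    WScript.Echo "usage: cscript clear_security_log_checked.vbs <dumpel output file>"
    WScript.Quit 2
End If
strDump = WScript.Arguments(0)

' Refuse to clear unless the dump exists and contains data, so a failed
' dumpel run (bad path, full disk, missing privilege) never costs audit records.
Set objFSO = CreateObject("Scripting.FileSystemObject")
If Not objFSO.FileExists(strDump) Then
    WScript.Echo "Dump file missing, Security log left intact: " & strDump
    WScript.Quit 1
End If
If objFSO.GetFile(strDump).Size = 0 Then
    WScript.Echo "Dump file is empty, Security log left intact: " & strDump
    WScript.Quit 1
End If

' Same WMI connection and query as the original script.
Set objWMIService = GetObject("winmgmts:" & _
    "{impersonationLevel=impersonate,(Backup,Security)}!\\.\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery( _
    "SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='Security'")

For Each objLogFile In colLogFiles
    ' ClearEventLog returns 0 on success; any other value means the log was not cleared.
    lngResult = objLogFile.ClearEventLog()
    If lngResult <> 0 Then
        WScript.Echo "ClearEventLog failed, return code " & lngResult
        WScript.Quit 1
    End If
    WScript.Echo "Security log cleared after verifying " & strDump
Next
```

In the batch file above, the last step would then pass the dump path, for example `c:\i386\cscript.exe //nologo c:\clear_security_log_checked.vbs c:\security_log\%tufn%`.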
