Re: Security Event Log
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Thu, 22 Feb 2007 00:07:21 -0700
"Anthony LaMark" <anthony@xxxxxxxxxxxxxxx> wrote in message
news:ee8jFSIVHHA.4384@xxxxxxxxxxxxxxxxxxxxxxx
Hi All,
I am logging certain events into the security event log by using
AuthzReportSecurityEvent. Everything is working great except when the
user looks into the Security Event log, the Category column is shown as
(3). I want it to show "Object Access" but I cannot find what the actual
numeric value should be so that it shows "Object Access" instead of (3).
I have complete control over the message file (i.e. X.mc) so can change
the message definitions if need be. Any advice would be greatly
appreciated.
Well, that is sort of a good question, since category 3 for source
Security is in fact Object Access.
If you look with such as
sComp = "." ' or as desired
sQuery = "Select * from Win32_NTLogEvent Where Logfile = 'Security' And
'Category = 3'"
Set oWmiSvc = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & sComp & "\root\cimv2")
Set cEvents = oWmiSvc.ExecQuery(sQuery)
are your events in the resulting collection?
(if not, drop the And 'Category = 3' from the where clause)
Look for relevent oEvent in cEvents collection by examining
such as
sEvtSrc = oEvent.SourceName
sEvtCat = oEvent.Category
iEvt = oEvent.EventCode
sEvtDesc = oEvent.Description
etc.
I suspect that sEvtSrc for your events is not "Security" and so
it does not have a resources to translate the category 3 to show.
Roger
.
- References:
- Security Event Log
- From: Anthony LaMark
- Security Event Log
- Prev by Date: Re: Security necessary to list all services
- Next by Date: Re: Problems with NTP on Win2003
- Previous by thread: Security Event Log
- Next by thread: Re: Windows equiv of UNIX "Restricted Users"??
- Index(es):
Relevant Pages
|
|
