[已解决]批处理能否读取系统日志？

522235677

显示错误信息

forfiles

test.vbs

1. '查看指定登录类型的事件日志
   
2. strComputer = "."
   
3. 
   
4. Set wbemServices = Getobject("winmgmts:\" & strComputer)
   
5. Set wbemObjectSet = wbemServices.InstancesOf("Win32_NTLogEvent")
   
6. 
   
7. For Each wbemObject In wbemObjectSet
   
8. If wbemObject.EventCode = "528" And InStr(wbemObject.Message,"登录类型:         2") Then
   
9.     WScript.Echo "Log File:        " & wbemObject.LogFile        & vbCrLf & _
   
10.         "Record Number:   " & wbemObject.RecordNumber   & vbCrLf & _
    
11.         "Type:            " & wbemObject.Type           & vbCrLf & _
    
12.         "Time Generated:  " & wbemObject.TimeGenerated  & vbCrLf & _
    
13.         "Source:          " & wbemObject.SourceName     & vbCrLf & _
    
14.         "Category:        " & wbemObject.Category       & vbCrLf & _
    
15.         "Category String: " & wbemObject.CategoryString & vbCrLf & _
    
16.         "Event:           " & wbemObject.EventCode      & vbCrLf & _
    
17.         "User:            " & wbemObject.User           & vbCrLf & _
    
18.         "Computer:        " & wbemObject.ComputerName   & vbCrLf & _
    
19.         "Message:         " & wbemObject.Message        & vbCrLf
    
20. End If
    
21. Next

复制代码

forfiles

1. rem 列举事件日志类型
   
2. wmic Path Win32_NTEventlogFile get LogfileName /value|more
   
3. 
   
4. rem 查询应用程序事件日志
   
5. wmic Path Win32_NTLogEvent Where "Logfile='Application' and EventCode='1800'" get * /value|more
   
6. 
   
7. rem 查询安全事件日志
   
8. wmic Path Win32_NTLogEvent Where "Logfile='Security' and EventCode='528'" get * /value|more

复制代码