Board logo

标题: [系统相关] [已解决]批处理能否读取系统日志? [打印本页]
作者: 522235677    时间: 2012-10-20 16:20     标题: [已解决]批处理能否读取系统日志?

本帖最后由 522235677 于 2013-4-11 19:51 编辑

显示错误信息
作者: forfiles    时间: 2012-10-20 20:03

test.vbs
  1. '查看指定登录类型的事件日志

  2. strComputer = "."

  3. 

  4. Set wbemServices = Getobject("winmgmts:\\" & strComputer)

  5. Set wbemObjectSet = wbemServices.InstancesOf("Win32_NTLogEvent")

  6. 

  7. For Each wbemObject In wbemObjectSet

  8. If wbemObject.EventCode = "528" And InStr(wbemObject.Message,"登录类型: 	2") Then

  9.     WScript.Echo "Log File:        " & wbemObject.LogFile        & vbCrLf & _

  10.         "Record Number:   " & wbemObject.RecordNumber   & vbCrLf & _

  11.         "Type:            " & wbemObject.Type           & vbCrLf & _

  12.         "Time Generated:  " & wbemObject.TimeGenerated  & vbCrLf & _

  13.         "Source:          " & wbemObject.SourceName     & vbCrLf & _

  14.         "Category:        " & wbemObject.Category       & vbCrLf & _

  15.         "Category String: " & wbemObject.CategoryString & vbCrLf & _

  16.         "Event:           " & wbemObject.EventCode      & vbCrLf & _

  17.         "User:            " & wbemObject.User           & vbCrLf & _

  18.         "Computer:        " & wbemObject.ComputerName   & vbCrLf & _

  19.         "Message:         " & wbemObject.Message        & vbCrLf

  20. End If

  21. Next
复制代码
作者: forfiles    时间: 2012-10-21 13:51

  1. rem 列举事件日志类型

  2. wmic Path Win32_NTEventlogFile get LogfileName /value|more

  3. 

  4. rem 查询应用程序事件日志

  5. wmic Path Win32_NTLogEvent Where "Logfile='Application' and EventCode='1800'" get * /value|more

  6. 

  7. rem 查询安全事件日志

  8. wmic Path Win32_NTLogEvent Where "Logfile='Security' and EventCode='528'" get * /value|more
复制代码




欢迎光临 批处理之家 (http://bbs.bathome.net/) Powered by Discuz! 7.2