Event Log Dump Parsing

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ VBscripts
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Event Log Dump Parsing I am using dumpel.exe to dump several domain controllers' security event logs 3 times per day. We generate numerous large .evt files due to required corporate auditing mandates. Now I need to write a vbscript that will allow me to parse multiple .evt files, looking for any user activity for a specified user across several days, for example. I have the need to put this into a fully automated script, for various reasons, which as far as I can tell rules out eventcomb, as it appears to require the GUI interface to run interactively. Does anyone have any suggestion on how to parse these .evt files? I haven't yet found any utilities other than eventcomb that allow me to even search a flat .evt file. If you have suggestions, or think dumpel or eventcomb may still work, please provide an example of the syntax of these could work given my scenario. Thanks! Tag: Event Log Dump Parsing Tag: 161839
  - 2
    - Error extracting innerHTML using DHTML in an HTA page I have an ASP application that returns data requested by the user in various formats. Currently it returns the data as an Excel file that can be displayed or saved. I have added the feature of returning the same data in XML format, either as a Data Island or as a file download. My intention is to allow the user to save the XML data either as a file or load it into the local SQL Server database (at the Client side. It has been suggested to me by Microsoft MVPs in various newsgroups that the Data island is the preferred method of delivery. However I am running into a problem. Most of my customers run a VB6 application written by me with a Browser Control that allows the Scripting FileSystemObject to extract the innerHTML of the XML data and save it to file or Database. I am trying to do the same thing with DHTML in an HTA page, for those customers that don't subscribe to the VB6 application, but wish to use the ASP site. The HTA application however is generating an error that I can't seem to solve.... Error: Object required: 'objXML' Note: The page is completely loaded into the browser, because the code is called from an OnClick event from a button that is the last control loaded in the page, well after the XML Data island is created. Below is the source code from VB6 (that works) and the HTA code that generates an error. The line flagged is: strHTML = objXML.innerHTML Can anyone tell me what the problem might be? If the Data Island is the preferred method of delivery, how do I go about committing it to disk or SQL Server (at the Client site) without using VB6 code? If I can't find an answer soon, I will resort to file download and then deal with file-handling issues that might make it difficult for the user and myself, such as making sure the file is placed in a specific location that can be accessed easily for loading into SQL Server. --- VB6 Code that works properly on the XML data island --- Private Sub GetXMLData() As Boolean Dim objDoc As Object Dim objXML As Object Dim strHTML As String Dim ts As Object, fs As Object Set fs = CreateObject("Scripting.FileSystemObject") Set ts = fs.CreateTextFile("PCardTest.xml", True) Set objDoc = Me.PCardBrowser.document Set objXML = objDoc.All("pcXML") strHTML = objXML.innerHTML ts.Write strHTML ts.Close End Sub -- Script Code in HTA page that generates error -- <SCRIPT language=vbscript> sub saveTOfile() Dim objDoc Dim objXML Dim strHTML Dim ts Dim fs Set fs = CreateObject("Scripting.FileSystemObject") Set ts = fs.CreateTextFile("c:\temp\PCardTest.xml", True) Set objXML = document.all("pcXML") strHTML = objXML.innerHTML ts.Write strHTML ts.Close end sub </SCRIPT> Thanks for your help...... Tag: Event Log Dump Parsing Tag: 161834
  - 3
    - Property Set Hi! Please show me how to use Property Set members with classes on VbScript. Thanks.. Tag: Event Log Dump Parsing Tag: 161832
  - 4
    - Usernames and Password in Links Hi I've been trying to get the link format of "http://username:password@www.someSite.com/protectedPage.html" to work and have just discovered that Microsoft have removed this functionality with a security update. The page http://support.microsoft.com/default.aspx?scid=kb;en-us;834489 is very useful, however, I would like to be able to use InternetSetOption() function within a VBScript so I can get the same functionality as the old style link. I don't want to modify the registry or force the user to save the password. Does any one have a VBScript or JScript example of how to get the same functionality as the old style link? Thanks AO Tag: Event Log Dump Parsing Tag: 161831
  - 5
    - seach for text help needed hello all, i have a text file in the following format, cn: testgroup description: testgroup mail: testgroep@fabrikcam.com user1 user2 user3 cn: testgroup1 description: testgroup1 mail: testgroep1@fabrikcam.com user1 user2 user3 user4 user5 from this file i try to create groups in active directory with vbscript, i have the following script already, but i can search for the strin cn:, but how do i return the next lines to a variable? so i seach for cn, and put the description, and mail and users in a variable to create the group. by the way the number of users vary per group, i can;t get it working, any help would be appricated greetings martin strSearchcn = "cn:" strSearchDis = "description:" strSearchMail = "mail:" Do While objFile.AtEndOfStream = True strLine = objFile.ReadLine If Instr(strLine, strSearchcn) Then searchcn = Mid(strline,5) End If Tag: Event Log Dump Parsing Tag: 161830
  - 6
    - Mass password reset from text file Howdy I need to be able to reset a large number of passwords AND set the password to expire at first logon. I will have a list of userNames and passwords in a text file. This is for a domain. There are no OU's involved as such. Users log ins as 'domainName/userName' Any help greatly appreciated John Tag: Event Log Dump Parsing Tag: 161828
  - 7
    - ADmin reset I know I've asked this question before, but does anyone have a .bat or .vbs script that can show me how to reset the administrator password of a client machine, as Logon runs? The end-user account will have admin rights locally, so should be able to do it, but I just don't know of the command to do it. A. Tag: Event Log Dump Parsing Tag: 161827
  - 8
    - Mass password reset from text file Howdy I need to be able to reset a large number of passwords AND set the password to expire at first logon. I will have a list of userNames and passwords in a text file. This is for a domain. There are no OU's involved as such. Users log ins as 'domainName/userName' Any help greatly appreciated John Tag: Event Log Dump Parsing Tag: 161825
  - 9
    - Help Required - Script for domain last login time G'day all I'm hoping you guys can help me. I'm trying to find a script that will list all the users in my domain and their last login time. I've found one that will list them all from one DC but the results are different when I query a different DC in my domain. I'm just looking to get rid of obsolete account over the whole domain. If anyone can help with a script or a source it would be great. Thanks Regards Mark Tag: Event Log Dump Parsing Tag: 161824
  - 10
    - WbemScripting.SWbemDateTime support in W2k Im using this to qry the security logs by date, and is supported in W2k3 Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime") Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime") DateToCheck = DATE -1 dtmStartDate.SetVarDate DateToCheck, CONVERT_TO_LOCAL_TIME dtmEndDate.SetVarDate DateToCheck + 1, CONVERT_TO_LOCAL_TIME But not in W2K, Does anyone have a workaround that will work in both windows 200O & 2003 Server Server, My test code is below. Regards Don Grover '********************************************************************************* Option Explicit Dim dtmStartDate, dtmEndDate, DateToCheck, strComputer Dim objWMIService, colEvents, objEvent, sMessageStringCat, sheader Dim CONVERT_TO_LOCAL_TIME, sEmailBlurb, iCounter 'Message tagged to the bottom of each email sEmailBlurb = " " & VbCrLf & String(66,"=") & VbCrLf & "WARNING - This email and any attachments may be confidential. If received in error, please delete and inform us by return email." & VbCrLf & VbCrLf &_ "Because emails and attachments may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems, you must be cautious." & VbCrLf &_ "CokeShop cannot guarantee that what you receive is what we sent. If you have any doubts about the authenticity of an email by CokeShop, please contact us immediately. " & VbCrLf &_ "It is also important to check for viruses and defects before opening or using attachments. CokeShop's liability is limited to resupplying any affected attachments." & VbCrLf &_ String(66,"*") & VbCrLf & "CokeShop Online" & VbCrLf & "A.C.N. 106 964 345" & VbCrLf & "A.B.N. 62 106 964 345" & VbCrLf & String(66,"*") & VbCrLf 'Application Variables Dim sEmailFrom, sEmailTo, iEmailPort, sConEmailMonitor sEmailFrom = "xxx@netspace.net.au" sEmailTo = "xxx@netspace.net.au" sConEmailMonitor = "xxx@netspace.net.au" strComputer = "myserver" iEmailPort = 25 iCounter = 0 sheader = String(55,"_") CONVERT_TO_LOCAL_TIME = True Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime") Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime") DateToCheck = DATE -1 dtmStartDate.SetVarDate DateToCheck, CONVERT_TO_LOCAL_TIME dtmEndDate.SetVarDate DateToCheck + 1, CONVERT_TO_LOCAL_TIME Dim sMonth, sDay If Len(Month(Date)) = 1 then sMonth = "0" & Month(Date) If Len(Day(Date)) = 1 then sDay = "0" & Day(Date) Wscript.echo dtmStartDate & " " & Year(Date) & sMonth & Day(Date) Wscript.quit Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate,(Security)}!\\" & _ strComputer & "\root\cimv2") Set colEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent Where LogFile='Security' AND (TimeWritten >= '" _ & dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "') AND (EventCode='529') ") For each objEvent in colEvents iCounter = iCounter + 1 sMessageStringCat = sMessageStringCat & VbCrLf & sHeader & VbCrLf & vBtAB & "Category: " & objEvent.Category & vBcRlF & vBtAB & "Computer Name: " & objEvent.ComputerName & vBcRlF &vBtAB & "Message: " & objEvent.Message Next Set colEvents = Nothing Set objWMIService = Nothing If iCounter > 0 Then SendEmailNotification "Email remote login security report from " & UCASE(strComputer) ,"Sent: " & FormatDateTime(Now) & VbCrLf & _ "This is an automated security report from " & UCASE(strComputer) & VbCrLf & _ "The below list is all FAILED remote logins to " & strComputer & "By Windows Terminal Services " & VbCrLf & sMessageStringCat End If WScript.Quit Function SendEmailNotification(TheSubJect, TheBody) '****************************************************** '*** Send the message Using CDOSYS Win2k & Win2003 **** '****************************************************** On Error Resume Next ' CDO mail object Dim sch, cdoConfig, cdoMessage, sError sch = "http://schemas.microsoft.com/cdo/configuration/" Set cdoConfig = CreateObject("CDO.Configuration") cdoConfig.Fields.Item(sch & "sendusing") = 2 cdoConfig.Fields.Item(sch & "smtpserverport") = iEmailPort cdoConfig.Fields.Item(sch & "smtpserver") = strComputer cdoConfig.Fields.Update Set cdoMessage = CreateObject("CDO.Message") Set cdoMessage.Configuration = cdoConfig cdoMessage.From = sEmailFrom cdoMessage.To = sEmailTo cdoMessage.BCC = sConEmailMonitor cdoMessage.Subject = TheSubJect cdoMessage.TextBody = TheBody & sEmailBlurb ' cdoMessage.item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate").value = 1 ' use clear text authenticate ' cdoMessage.item("http://schemas.microsoft.com/cdo/configuration/sendpassword").value ="mypassword" ' cdoMessage.item("http://schemas.microsoft.com/cdo/configuration/sendusername").value ="yourusername" cdoMessage.Fields.Item("urn:schemas:mailheader:X-MSMail-Priority") = "High" cdoMessage.Fields.Item("urn:schemas:mailheader:X-Priority") = 2 cdoMessage.Fields.Item("urn:schemas:mailheader:Keywords") = "COKESHOP" cdoMessage.Fields.Item("urn:schemas:mailheader:Sensitivity") = "Company-Confidential" cdoMessage.Fields.Item("urn:schemas:mailheader:X-Message-Flag") = "Do not Forward" cdoMessage.Fields.Update cdoMessage.Send Set cdoMessage = Nothing Set cdoConfig = Nothing If Err.Number <> 0 Then sError = Err.Description End If On Error Goto 0 End Function Tag: Event Log Dump Parsing Tag: 161822
  - 11
    - Unspecified error when pass 0 into a COM method Hi, I've a COM method receiving a LONG parameter. When I pass 0, I got Unspecified error. I've tried to pass in 1 or 4. Both work fine. Why 0 is not accepted by this method? Thanks Kevin Tag: Event Log Dump Parsing Tag: 161818
  - 12
    - Display .bmp, .gif, and .jpg files. I am trying to display either a .bmp or .jpg file. This is how we are geetting our Geography questions. I have the following code. It is just a little test script to try to get something to work. <A href="/Tivities/CPAGEU.asp"><Img Src="C:\ArCdMaps\KYAC.bmp" Height="225" Width="475" Usemap="#USA"></A> <A href="/Tivities/CPAGEU.asp"><Img Src="C:\ArCdMaps\KYAC.gif" Height="225" Width="475" Usemap="#USA"></A> <A href="/Tivities/CPAGEU.asp"><Img Src="C:\ArCdMaps\KYAC.jpg" Height="225" Width="475" Usemap="#USA"></A> Only the .gif image displayes. Yes all three images are in the directory. It is just that we get the graphics from the test center in Chattanooga. Thanks in advance for any explanation! Bill B Tag: Event Log Dump Parsing Tag: 161816
  - 13
    - Empty Files I want to use vbscript to scan a folder and look for empty(zero byte) files. If found move them to a another folder and Email me of this occurance. Does anyone have any examples. TIA... Tag: Event Log Dump Parsing Tag: 161815
  - 14
    - Change Wallpaper Hi I have been using this script to ramdomly change the wallpaper of my windows 2000 clients however When i use this script for clientes running windows xp it does not work the special folder is desktop in windows xp right?? is there any other registry value i need to change?? does it make a diference the language?? instead of desktop to use "escritorio" or something like that?? =============================================0 Option Explicit Dim CompleteImagesFolderPath Dim ImageFileTypes CompleteImagesFolderPath = \\path ImageFileTypes = "jpg" Dim WshShell Set WshShell = Wscript.CreateObject("Wscript.Shell") Dim ImageFiles Dim Final Dim strDesktop Set ImageFiles = CreateObject("Scripting.Dictionary") strDesktop = WSHShell.SpecialFolders("Desktop") call RandomImage(CompleteImagesFolderPath,ImageFileTypes) Function RandomImage(CompleteImagesFolderPath, ImageFileTypes) 'Declare variables Dim FileSystemObject Dim ImageFolder Dim Files Dim i Dim File Dim FileName Dim FileExtension Dim RandomNumber Set FileSystemObject = CreateObject("Scripting.FileSystemObject") If Not FileSystemObject.FolderExists(CompleteImagesFolderPath) Then RandomImage = "Error 0: Cannot find requested folder" Set FileSystemObject = nothing Exit Function End If Set ImageFolder = FileSystemObject.GetFolder(CompleteImagesFolderPath) Set Files = ImageFolder.Files i = 1 For Each File in Files FileName = File.Name FileExtension = Right(FileName, Len(FileName) - (InStrRev(FileName, "."))) If InStr(1,ImageFileTypes,FileExtension,vbTextCompare) > 0 then ImageFiles.Add i, FileName i = i + 1 End If Next Set ImageFolder = nothing Set Files = nothing Set FileSystemObject = nothing Randomize If ImageFiles.Count = 0 Then RandomImage = "Error 1: Folder no existe" Exit Function End If RandomNumber = Int((ImageFiles.Count) * Rnd + 1) Final = CompleteImagesFolderPath&"\"&ImageFiles.Item(RandomNumber) WshShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\Wallpaper",Final,"REG_SZ" WshShell.RegWrite "HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper",Final,"REG_SZ" 'CompleteImagesFolderPath&"\"&ImageFiles.Item(RandomNumber) Set ImageFiles = nothing WSHShell.AppActivate strDesktop WSHShell.SendKeys "{F5}" End Function ============================================================================ === could you help me please?? the script does change the registry values but does not change the wallpaper thanks a lot Tag: Event Log Dump Parsing Tag: 161813
  - 15
    - How to check for non-existant property Hi all, Using VB6 or VBScript: What is the "best practice" method for checking if a property exists or not? For instance oUser.AccountExpirationDate. Thanks. -- Tim Tag: Event Log Dump Parsing Tag: 161809
  - 16
    - create performance counters and categories Either from script or from the Windows Installer libraries, is it possible to programatically create performance counters and categories? I need to put this functionailty into a VBScript custom action and need to try to avoid using the .net route. -EP (sorry for all the newsgroups but each one I posted to I thought was relevant) Tag: Event Log Dump Parsing Tag: 161808
  - 17
    - Opening a word doc as a template and then save into a server with ip address Hi there, I am using htm and asp to write a web applicaiton, which opens a word template located in its sub folder. Then my app will ask the user to input whatever info required and then I will populate the word doc according without opening the word doc to the user explicitly. Then the newly created file will be saved to a server (ip address available). I just wonder how this can be accomplished, if I try to use client-side vbscript, I was not able to use fso.copyfile to copy file from URL to a server. Besides, when I open the word doc, even explicit saying the wordobject is invisible it still ask me question if I want to open it read-only or ....but I don't want the user to see the template at all. If I user server-script in an asp, I won't be able to use server.createobject(word.application), so how can I open the word doc and change it then? Please advice me the best way the get this done... Thanks in advance. Any help will be greatly appreciated. Wanda Tag: Event Log Dump Parsing Tag: 161806
  - 18
    - enumerate folder/File permissions I want to have my script check if the permissions on a folder or file are set for a User, then if not set, set them. I have the script to set the folder/file permissions but how do I use VB to check the next time the script runs that the permissions exist. thanks in advance Tag: Event Log Dump Parsing Tag: 161804
  - 19
    - OnClick (sub is undef) Hi, In my ASP application I try to display an help text a secondary window doing the following and I get the message "ShowHelp is Undefined" What am'I doing wrong? Any help will be appreciated. sub ShowHelp Response.Write "<FORM NAME=FrmHelp " & _ "TARGET=Name>" & _ "<INPUT TYPE=HIDDEN NAME=Language VALUE=" & sLang & "></FORM>" %><Script>window.open("Help.asp","FrmHelp","width=700,height=400, Left=80, top=80, Titlebar=1, resizable=1, scrollbars=1, toolbar=0");</Script><% end sub %> <A HREF="Help.asp" OnClick="ShowHelp"><%Response.Write sHelp%></A></TD> Thank you in advance serge Tag: Event Log Dump Parsing Tag: 161799
  - 20
    - ADODB.Command error '800a0bb9' Hello All, Hoping for a little help. I'm using a parametered sql stored proc to accept and return variables to my asp page. The SP works fine as I've tested it separately. The error and code is below. Fairly new to asp, all comments are appreciated. Thanks in advance, R Here is the error: ADODB.Command error '800a0bb9' Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another. /gplogout.asp, line 83 Here is my asp: <% Dim objConn Dim objCmd Dim txtUser Dim txtPswd dim txtloggedout 'Form Values txtUser = request.form("txtUserName") txtPswd = request.form("txtPassword")  Set objConn = Server.CreateObject("ADODB.Connection") objConn.open "Provider=SQLOLEDB;Data Source=SQLServer;Initial Catalog=MYDB;User ID=UserName;Password=1234" set objCmd = Server.CreateObject("ADODB.Command") With objCmd .ActiveConnection = objConn .CommandText = "X_storedproc_test" .CommandType = 4 'adcmdstoredproc 'Requires the adovbs.inc file or typelib meta tag 'Add Input Parameters .Parameters.Append .CreateParameter("@UName", adVarChar, adParamInput, 30, txtUser) .Parameters.Append .CreateParameter("@Pswrd", adVarChar, adParamInput, 30, txtPswd) 'Add Output Parameters .Parameters.Append .CreateParameter("@loggedout", adInteger, adParamOutput) 'Execute the function .Execute, , adExecuteNoRecords 'Extract the output parameter which the SP has supplied from the parameter collection' txtloggedout = .parameters("@loggedout") End With 'Update the user Tag: Event Log Dump Parsing Tag: 161792
  - 21
    - Script for removing dialup connections Does anyone have a script for "removing" dialup connections from windows 2K\XP workstations? These connections are configured under the user, not the system. Thansk, Kevin Tag: Event Log Dump Parsing Tag: 161791
  - 22
    - connecting printers on samba in a vbs script? Hello, I am trying to write a vbs script that replaces the need for the user to connect printers by right-clicking a printer and choosing 'connect'. I am using the following code: ' declare variables dim wshnetwork ' set reference to WSH network object set wshnetwork=wscript.createobject("wscript.network") ' add connection to a network printer hpintel on samba (ibm-nas) wshnetwork.addwindowsprinterconnection "\\samba\hpintel" The problem is that the printer is on samba and I am trying to connect to it as a local administrator. The way I would do it manually is connect to \\samba and enter my login and password in the domain and then 'connect' the printer. However, if I were to run the script as an administrator I wouldn't have the opportunity to authenticate with samba. Therefore I tried using the "runas" command to run the script as a domain user. I used the /netonly option. This worked as far as the printers showing up on the "printers and faxes" window. But they appeared with the status: "access denied. unable to connect" and when I tried to print I got the error message: "Cannot print the file. Be sure that your printer is connected properly and use Control Panel to verify that the printer is configured properly." What should I do? Is there any way to simulate connecting to samba as a known domain user and then adding printers? Thanks, Aviv. Tag: Event Log Dump Parsing Tag: 161790
  - 23
    - Password changes on different domains Hi There I have got a user who works between to different Windows 2000 domains (Lets say D1 and D2). Her computer is joined to domain D1. She has also got a user account on D2, but obviously if I join her computer to D2 she will be disjoined from D1 (which we don't want). I have managed to get her working on D2 in all respects but managing her password seems troublesome. I've created a vbscript to change her password on D2, but then she must be logged onto the D2 domain to be able to run it. Does anyone have an idea or a solution for me Regards Tag: Event Log Dump Parsing Tag: 161788
  - 24
    - Sort a dictionary Hi I'm trying to sort a Script Dictionary. It has a string value in the keys & an Object in the items (an AutoCAD layer object in this instance). 1. I can swap the keys (string) values as shown below, but the Items (object) won't budge Where an I going wrong?. 2. is there a way to swap both Keys/Items in one go ie Dict(0)=Dict(5) instead of doing them separately? 3. I've seen a routine on MSN for sorting a dictionary http://support.microsoft.com/default.aspx?scid=kb;en-us;246067 That sorts a string based dict, but a) I don't know how to change it so it can accept objects & b) it creates arrays to do the sorting which confuses me because I thought = Dict.Keys returns an array anyway. Thanks in advance Dave F. Sub test() Dim LayObj As AcadLayer Dim DictSort As Variant Dim Dict As New Dictionary ' script dictionary (scripting runtime ref) Dim KK As Variant, It As Variant With ThisDrawing For Each LayObj In .Layers Dict.Add LayObj.Name, LayObj ' store it - Key:Layer Name, Item: Layer Object Next ' Lay End With ' thisdrawing KK = Dict.Keys It = Dict.Items ' these are OBJECTS not strings KK(0) = KK(5) 'swaps the keys It(0) = It(5) End Sub Tag: Event Log Dump Parsing Tag: 161786
  - 25
    - Problem of MSXML2.XMLHTTP Hi, I have a server side of asp which generate rows of data from DB in real time (around 1500KB of data, 4000 row of data) my client side get the result using MSXML2.XMLHTTP when the result is very small, e.g. 1 row, the result is as expected. However, when the rows number grow , e.g. 4000 row, only the first 2 row data is back. is this the limit of MSXML2.XMLHTTP? Here is my code.... '------------------------------------------------- Set xhttpPost = creatobject("MSXML2.XMLHTTP") With xhttpPost .Open "GET", url, False .send "" Do While .readyState <> 4 DoEvents Loop wscript.echo .responseText End With Set xhttpPost = Nothing Tag: Event Log Dump Parsing Tag: 161785
- Next
  - 1
    - Permission denied: 'GetObject' while trying to get list of processes on remote comp. This is the code, pasted from "The Portable Script Center": strComputer = "JEFF" Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") Set colProcesses = objWMIService.ExecQuery _ ("Select * from Win32_Process Where Name = 'Database.exe'") If colProcesses.Count = 0 Then Wscript.Echo "Database.exe is not running." Else Wscript.Echo "Database.exe is running." End If I get Permission denied: 'GetObject' on line 2 of this script. Why is this happening, and how can I fix it? Drazen Tag: Event Log Dump Parsing Tag: 161784
  - 2
    - Displaying xl-worksheets in IE Hi I have a application whith three frames. In the third frame ("Results") I want to display an excel-generated report (the report is generated through VBA macros, which run when the template is opened (auto_open sub), collecting the data from an SQL Server). Normaly, in Excel, the template creates an instans of itself (resultning in an .xls-file). I want my application to do the same, that is, I want the template (xlt) to create an instans (xls), load the data into the xls-file and then display the xls-report in the fram "results". I'm quite new to VB-Script and I've only manged to come up with the following code, in report.asp: <SCRIPT LANGUAGE=VBScript RUNAT=Server> Dim xlApp Dim xlWb Dim xlSheet Set xlApp = CreateObject("Excel.Application") Set xlWb = xlApp.Workbooks.Open("c:\data\report.xlt") Set xlSheet = xlWb.Worksheets(1) xlSheet.Name = "Report1" xlApp.Visible = True Set xls = Nothing Set xlb = Nothing Set xlapp = Nothing </Script> This doesn't work. I think I don't get any error messages, though, and the CPU on the server is working for about 5 secs, so I think the report is generared but not displayed on screen(?). Excel 2000 is installed on the server. Can anyone help me please? Regards PO Tag: Event Log Dump Parsing Tag: 161778
  - 3
    - edit text entries... I have a batch file that reads a text file and displays certain strings back using the 'findstr' command. Some strings that the batch returns contain HTML code. The string looks something like this: Important text1: <A HREF="/cgi-bin/blah/blah>Important text2</A> I was wondering if there is a way to create a vbs file to remove the HTML code from the text file. Any help will be appreciated ;) -ghettocow Tag: Event Log Dump Parsing Tag: 161774
  - 4
    - Parse Veritas Backup Logs to Excel I need to parse portions of my Veritas backup logs (BEXXX.TXT) to an Excel spreadsheet to which I can apply pivot tables to analyse my backups. I would like to use Windows scripting if possible. Any Ideas? Please post here, no emails thx. Thanks in advance. Tag: Event Log Dump Parsing Tag: 161772
  - 5
    - Log all Sucsessfull and Failed Logins Im looking for a script that will read the Security Event Log on a w2k3 server from the previous day and email to an email address. I can't seem to get it the qry to return both the previous days Successful / failed logins along with the date qry. Does anyone know of a script or can point me in the right direction Regards Don Grover dgrover@assoft.com.au Tag: Event Log Dump Parsing Tag: 161769
  - 6
    - Space inside a command line. Good day, Im trying to create a script that runs a command line with an argument the problem is that the argument has space in side it, and im having trouble working out the command line, here is the command with the argument: Set WshShell = WScript.CreateObject("WScript.Shell") rCommand = "runas /user:Domain\suorenz "mmc %windir%\system32\management.msc"' WshShell.Run rCommand, 0, TRUE Thanks in advance -- Oren Zippori eAladdin.com Tag: Event Log Dump Parsing Tag: 161762
  - 7
    - Microsoft Script Debugger in Windows 2003? Has the Microsoft Script Debugger been discontinued in Windows 2003. It used to be installed in Windows Components, but I don't see it there anymore. Is it installed elsewhere? JohnL L Tag: Event Log Dump Parsing Tag: 161756
  - 8
    - WMI win32 access denied workgroup NOT domain 'microsoft you're killing me!' O.K., desperation time, before I start I am not talking about a Domain here. I am only talking about a simple home workgroup. I have WMI security working without trouble at work in our corporate domain, but can't work out why I can't get it to work at home where I do not want a domain. Here is my problem. If I use [Computer Management][Services and Applications][WMI] and bring up the properties on a local machine, it works fine. If ? however ? I <right-click> on [Computer Management] and then connect to any other computer in my workgroup; then attempt to get the properties of WMI, I simply receive the message that "Failed to connect to <computer name> because Win32: access is denied" I have made absolutely sure that the local administrator's accounts are exactly the same name and password. I have made absolutely sure that the remote machine's ?WMI Security settings' for the local administrator are maxed out and inherited from "Root" namespace down. I have tried many other bits and pieces, but simply can't get this to work. In my Corporate Domain at work, security is set through ?domain security objects' and I have no trouble writing scripts that use WMI on remote machines. Just can't get it to work at home and it is driving me crazy. Please any help on what to try? Because I can't get the bloody authentication to work, I can't get Microsoft's WMI explorer to return structures on computer in my home network other than the one I am working on, which is really a pain in the #$%^rse. Tag: Event Log Dump Parsing Tag: 161752
  - 9
    - Open network connection (VPN) with vbscript Alex, both of these are wonderful suggestions, a lot further than I'v ever got in trying to resolve this issue, but still a little flawed. When run, the VPN connection opens and then asks to connect or cancel. After you connect, the 2nd script you have suggested, pops up with bunch of windows which I'm trying to avoid. When you select OK o those windows, the VPN connection will then initiate a close connectio box with the option to stay connected. If you select to stay connected then it's fine. All of these windows will deffinitely confuse m clients. Is there a better way, or even a way that will halt th script indeffinitely without asking for user input, so that the entir VPN session can go along? Thanks again for all your help. Ian Alex K. Angelopoulos [MVP] wrote: > *Alex K. Angelopoulos [MVP] wrote:[color=darkred] > > grizzly wrote: > > After looking through a few old Bakken & Harris posts I decided t > write a > more generic method for handling items that "toggle" and may tak > time to do > so. Here's a function which can be used for any addressable shel > namespace > item; you simply supply it with the namespace index (49 for network > connections), the item name ("VPN Connection" in our case) and th > verb > ("C&onnect" for English language systems). > > Option Explicit > Dim t0: t0 = Timer > WScript.Echo "Success?", _ > ToggleShellItem(49, "VPN Connection", "C&onnect") > WScript.Echo timer - t0 > > Function ToggleShellItem(ByVal namespace, ByVal item, ByVal verb) > ' Use a shell folder item verb which disappears after use. > ' Examples are Connect/Disconnect, Enable/Disable pairs. > ' namespace: numeric ID of the namespace > ' itemName: name of the item when viewed in the namespace window. > ' verbName: verb to activate. > ' The function will find the verb in the item, DoIt, wait > ' until the verb "disappears" from the verb list, then return True. > ' If the item or verb is not found, returns False. > ToggleShellItem = False > Dim sa: Set sa = CreateObject("Shell.Application") > Dim items, i > Set items = sa.Namespace(namespace).Items > For i = 0 to items.Count - 1 > If LCase( items.Item(i).Name) = LCase(item) Then > Dim target: set target = items.Item(i) > Exit For > End If > Next > For i = 0 to target.Verbs.Count - 1 > If LCase(target.Verbs.Item(i).Name) = LCase(verb) Then > target.Verbs.Item(i).DoIt > Do While LCase(target.Verbs.Item(i).Name) = LCase(verb) > WScript.Sleep 500 > Loop > ToggleShellItem = True > Exit For > End If > Next > End Function - grizzl ----------------------------------------------------------------------- Posted via http://www.codecomments.co ----------------------------------------------------------------------- Tag: Event Log Dump Parsing Tag: 161751
  - 10
    - DOM explorer utility Is there an utility available for exploring document object model of currently running IE's (browse all the DOM properties/values)... I know that there's "DOM Explorer" available for FireFox, but need a similiar utility for IE... Drazen Tag: Event Log Dump Parsing Tag: 161748
  - 11
    - Understanding Image Source I am trying to display either a .bmp or .jpg file. This is how we are geetting our Geography questions. I have the following code. It is just a little test script to try to get something to work. <A href="/Tivities/CPAGEU.asp"><Img Src="C:\ArCdMaps\KYAC.bmp" Height="225" Width="475" Usemap="#USA"> <A href="/Tivities/CPAGEU.asp"><Img Src="C:\ArCdMaps\KYAC.gif" Height="225" Width="475" Usemap="#USA"> <A href="/Tivities/CPAGEU.asp"><Img Src="C:\ArCdMaps\KYAC.jpg" Height="225" Width="475" Usemap="#USA"> Only the .gif image displayes. Yes all three images are in the directory. It is just that we get the graphics from the test center in Chattanooga. Thanks in advance for any explanation! Len Tag: Event Log Dump Parsing Tag: 161744
  - 12
    - Find Disabled accounts and then enable accounts Hi 1.- Is there a script that can find all the accounts that are disabled in an OU?? 2.- Is there a script that enables those accounts?? Greetings Tag: Event Log Dump Parsing Tag: 161743
  - 13
    - datatype mismatch error any ideas please Hi. Winxp/iis5/dwmx/asp/vb/msaccess I'm trying to update a record based on a cookie existance. I'm getting this error when trying to load the page Microsoft OLE DB Provider for ODBC Drivers (0x80040E07) [Microsoft][ODBC Microsoft Access Driver] Data type mismatch in criteria expression. /affiliates/set.asp, line 19 I've tripple checked the data types in the database and can't see anything wrong. The field is a simple hit counter and is set to number/long integer The code for the hit counter is as follows <% IF Request.Querystring("Affid") <> "" THEN Response.Cookies("Affidcookie") = Request.Querystring("Affid") Response.Cookies("Affidcookie").Expires = Date + 30 END IF %> <% if(request.querystring("affid") <> "") then Command1__varid = request.querystring("affid") IF NOT Request.Querystring("Affid") = "" THEN set Command1 = Server.CreateObject("ADODB.Command") Command1.ActiveConnection = MM_conn222_STRING Command1.CommandText = "UPDATE affiliates SET hits = hits + 1 WHERE Affid = '" + Replace(Command1__varid, "'", "''") + "'" Command1.CommandType = 1 Command1.CommandTimeout = 0 Command1.Prepared = true Command1.Execute() 'this is line 19 END IF %> Can anyone shed some light on this for me i'm stumped. Dan Tag: Event Log Dump Parsing Tag: 161739
  - 14
    - Printing From ASP Is it possible to print a web page dynamically using Vb Script? I have several "reports" that are generated by my web site that I would like to print all at once. I could do the looping myself, but how can an indiviudal page be printed? Thanks for the help. Tag: Event Log Dump Parsing Tag: 161736
  - 15
    - Server permission problems and SchAgent Hi All, Using Win2k sp3 Perl 5.8.1 Apache2 I was using a CGI script in an Apache2/Win2k network to browse files and filetime info on the server and across the network. Using the default account for Apache2, I succeeded on the web server, but got bad file descriptors when going across LAN. It was the usual permission trouble. Since I was using Perl CGI I ran over to CPAN and looked for a module to do a CreateProcessWithLogon or some such beast. I couldn't get any of several modules to work. Then I realized that the trusty Scheduler.SchAgent might be the trick.=20 I ended up using a named pipe. The CGI script fires a Pipe client (setup as a Scheduled Task) to read the x-lan file, and write to the named pipe.=20 The info was read back from inside the CGI script=20 running a Pipe server. The CGI script used the SchAgent object to Activate the desired Scheduled Task, give it the right command line, then "Run" it.=20 It works because the web server is running in the SYSTEM account, and the fired Scheduled Task is running as the Administrator. I setup the task before hand with username and password I need, but when I "Run" from CGI its not necessary to supply the credentials again :) Here's a simple Perl demo http://4.11.211.97/PLPipe.zip regards, tlviewer Tag: Event Log Dump Parsing Tag: 161732
  - 16
    - InternetExplorer.Application methods and properties reference Where can I find more information about properties and methods available on "InternetExplorer.Application" object? If I want to use "InternetExplorer.Application" to the fullest, which book or web reference would you suggest? Another quick question: how to attach to *EXISTING* (so the script does not create its own InternetExplorer.Application object) instance of Internet Explorer and control it via script? Drazen *** Sent via Developersdex http://www.developersdex.com *** Don't just participate in USENET...get rewarded for it! Tag: Event Log Dump Parsing Tag: 161731
  - 17
    - Weird The very weird thing is, in my testing, I added a line "RAISERROR('Test',16,1) at the beginning of the stored procedure, and then after the execution, the vbscripts catches the error. If I move the line "RAISERROR.." to any place within the stored procedure after a sub-stored procedure has been called, the vbscripts code could not catch the error. Note that the error is caught by Query Analyzer fine, no matter where I put the RAISERROR. Tag: Event Log Dump Parsing Tag: 161726
  - 18
    - Script in Environment varaible How can I set several environment variables with a VB script. These will be system Environment variables. Thanks Paul Tag: Event Log Dump Parsing Tag: 161724
  - 19
    - Any Way to Change Source name in Event Viewer I'm using "WSHShell.LogEvent" and in the event viewer it says "WSH" as the source. I was wondering if there is a way to change that title? Preferable to the name of my script. Thanks in advance, Craig. Tag: Event Log Dump Parsing Tag: 161720
  - 20
    - Start services using Vbscript within MOM Hello, I like to start the services if they are stopped using MOM, any clue? Could I alter the script that excist in mom to do that? Tag: Event Log Dump Parsing Tag: 161719
  - 21
    - How Do I Handle Specific Errors I have a simple configuration section in which I set the array size, and therefore want to be able to handle the error:Subscript out of range:. As I have "On Error Resume Next" set, which I require I want to be able to capture this error and write it out to my logfile. How do I do this? Thanks in advance, Craig. Tag: Event Log Dump Parsing Tag: 161718
  - 22
    - mass reset password Hi Is there a way to mass change passwords for all the users in an OU of the AD with a scritp I hava a .txt file with the username and new password and I know the OU Can you help me please?? Tag: Event Log Dump Parsing Tag: 161713
  - 23
    - Automatically scrolling IE window to show last lines added I created a script which retrieves values from registry keys on all networked (online) computers in our domain. For that purpose some kind of progress indicator was needed. This is the *example* how that was made: ---START--- Set objExplorer = CreateObject("InternetExplorer.Application") objExplorer.Navigate "about:blank" objExplorer.ToolBar = 0 objExplorer.StatusBar = 0 objExplorer.Width = 800 objExplorer.Height = 600 objExplorer.Left = 0 objExplorer.Top = 0 Do While (objExplorer.Busy) Wscript.Sleep 200 Loop objExplorer.Visible = 1 objExplorer.Document.Body.InnerHTML = "Progress..." Do While 1=1 objExplorer.Document.Body.InnerHTML = objExplorer.Document.Body.InnerHTML & "<BR>" & "some text..." Wscript.Sleep 300 Loop Wscript.Quit ---END--- When this script is run, Internet Explorer is started and lines with text "some text..." are added one under another. When there is too much text to fit on the screen, vertical scrollbar is automatically created and text is scrollable. The question is how to modify the script so that when lines of text are added to the bottom the window automatically scrolls to show the last line added to log, without user having to scroll manually to see the newest lines? Drazen Tag: Event Log Dump Parsing Tag: 161711
  - 24
    - populating a list of available printers (client-side) On the Internet, I found the following simple snippet of VB code that creates a list of available printers: strList = "The following printers are available: " Set objWMIService = GetObject("winmgmts:\\.\root\cimv2") Set PrinterList = objWMIService.ExecQuery("Select Name from Win32_Printer") For Each Printer In PrinterList strList = strList & Chr(13) & Trim(Printer.Name) Next MsgBox strList It works fine under VB 6.0, but not as a client-side script running in an ASP page under the browser (IE 6.0 in my case) - it fails at the GetObject. Is there are way to get this to work as client-side script (or is there an alternative approach that will work and accomplish the same goal?) Any insight or solution would be much appreciated!! Thanks in advance ... -- Trevor Feldman Tag: Event Log Dump Parsing Tag: 161708
  - 25
    - Extracting from Security Log Hi Scripting Experts, I'm trying to write a script to log Domain Logon Failures, rather than trawling thru our DCs logs. For the moment I'm happy with getting output, rather than just logging to a file. So far I have is the following which outputs the number of Domain Logon Failures as indicated by Event ID 675. My question - how do I go about extracting the username and time the event was logged? Scripomatic doesn't seem to mention this for the Win32_NTLogEvent collection. Here's my script so far, help much appreciated. 'VBScript to check the Security Log for Logon Faillures strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate,(Security)}!\\" & _ strComputer & "\root\cimv2") Set colLoggedEvents = objWMIService.ExecQuery _ ("Select * from Win32_NTLogEvent Where Logfile = 'Security' and " _ & "EventCode = '675'") Wscript.Echo "Domain Logon Failures: " & colLoggedEvents.Count Tag: Event Log Dump Parsing Tag: 161705

I am using dumpel.exe to dump several domain controllers' security
event logs 3 times per day. We generate numerous large .evt files due
to required corporate auditing mandates. Now I need to write a
vbscript that will allow me to parse multiple .evt files, looking for
any user activity for a specified user across several days, for
example. I have the need to put this into a fully automated script,
for various reasons, which as far as I can tell rules out eventcomb,
as it appears to require the GUI interface to run interactively. Does
anyone have any suggestion on how to parse these .evt files? I
haven't yet found any utilities other than eventcomb that allow me to
even search a flat .evt file. If you have suggestions, or think
dumpel or eventcomb may still work, please provide an example of the
syntax of these could work given my scenario. Thanks!

Top

Re: Event Log Dump Parsing by Wayne

Wayne
Tue Aug 17 12:09:31 CDT 2004

jacksneed2000@yahoo.com (Jack) wrote in
news:1cbee35b.0408170701.7050790b@posting.google.com:

> I am using dumpel.exe to dump several domain controllers' security
> event logs 3 times per day. We generate numerous large .evt files due
> to required corporate auditing mandates. Now I need to write a
> vbscript that will allow me to parse multiple .evt files, looking for
> any user activity for a specified user across several days, for
> example. I have the need to put this into a fully automated script,
> for various reasons, which as far as I can tell rules out eventcomb,
> as it appears to require the GUI interface to run interactively. Does
> anyone have any suggestion on how to parse these .evt files? I
> haven't yet found any utilities other than eventcomb that allow me to
> even search a flat .evt file. If you have suggestions, or think
> dumpel or eventcomb may still work, please provide an example of the
> syntax of these could work given my scenario. Thanks!
>

Jack,

Search the Microsoft website for the 'logparser' utility. It gives you
SQL type query capabilities against a number of different file formats
including event logs and dumped event logs. It's pretty easy to use once
you get the syntax down and it includes a COM interface if I recall
correctly.

Hope that helps,

Wayne

--
Standard Disclaimer: I said it, they didn't, so blame me, not them!
Spam Avoidance: My reply address is invalid to confuse the spambots.
You can reach me at 'Wayne_Tilton at yahoo dot com'

Top