Hi all,
The code snippet below uses the WMI provider to go through NT security logs and extract 528 successful login events. The script works fine; however, it logs at least 4 entries into my output file. Is there any way of parsing out duplicate items within the collection and returning only one item?
Thanks in advance!
-Sip
Code:
' strComputer, intNumberID (528) and WMIDateStringToDate are set elsewhere in the script.
Set objWMI = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security)}!\\" & _
    strComputer & "\root\cimv2")
Set colLoggedEvents = objWMI.ExecQuery _
    ("Select * FROM Win32_NTLogEvent WHERE Logfile = 'Security'")
intEvent = 1
For Each objEvent In colLoggedEvents
    ' Keep only the requested event ID
    If objEvent.EventCode = intNumberID Then
        dtmEventDate = objEvent.TimeWritten
        strTimeWritten = WMIDateStringToDate(dtmEventDate)
        WScript.Echo objEvent.User & "-" & objEvent.TimeWritten
        intEvent = intEvent + 1
    End If ' was missing in the posted snippet
Next
Output:
DOMAIN\username-20041025124000.000000-420
DOMAIN\username-20041025124000.000000-420
DOMAIN\username-20041025124000.000000-420
DOMAIN\username-20041025124000.000000-420
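One way to return a single line per logon, as an added example that is not part of the original post: a Scripting.Dictionary keyed on the User and TimeWritten pair suppresses repeats, and the event ID filter moves into the WQL query. Assumptions: strComputer = "." (local machine), event ID 528 as stated in the post, and a stand-in WMIDateStringToDate, since the poster's own helper is not shown.

```vbscript
Option Explicit
' Added example. Assumptions: local machine, event ID 528 from the post,
' and (User, TimeWritten) as the key that defines a duplicate.
Const EVENT_LOGON = 528
Dim strComputer, objWMI, colLoggedEvents, objEvent, dictSeen, strKey

strComputer = "."
Set dictSeen = CreateObject("Scripting.Dictionary")
dictSeen.CompareMode = vbTextCompare   ' account names are case-insensitive

Set objWMI = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security)}!\\" _
    & strComputer & "\root\cimv2")

' Filter on EventCode in WQL so only matching records are returned.
Set colLoggedEvents = objWMI.ExecQuery( _
    "Select * FROM Win32_NTLogEvent " _
    & "WHERE Logfile = 'Security' AND EventCode = " & EVENT_LOGON)

For Each objEvent In colLoggedEvents
    ' Same account and same TimeWritten string are treated as one logon.
    strKey = objEvent.User & "|" & objEvent.TimeWritten
    If Not dictSeen.Exists(strKey) Then
        dictSeen.Add strKey, True
        WScript.Echo objEvent.User & "-" _
            & WMIDateStringToDate(objEvent.TimeWritten)
    End If
Next

WScript.Echo dictSeen.Count & " unique logon(s)"

' Stand-in for the poster's helper: converts the leading yyyymmddHHMMSS part
' of a WMI datetime string to a VBScript Date (the UTC offset is ignored).
Function WMIDateStringToDate(dtmEventDate)
    WMIDateStringToDate = DateSerial(CInt(Left(dtmEventDate, 4)), _
        CInt(Mid(dtmEventDate, 5, 2)), CInt(Mid(dtmEventDate, 7, 2))) _
      + TimeSerial(CInt(Mid(dtmEventDate, 9, 2)), _
        CInt(Mid(dtmEventDate, 11, 2)), CInt(Mid(dtmEventDate, 13, 2)))
End Function
```

Run it with cscript under an account that can read the Security log. With this key, two separate logons by the same account that share a TimeWritten value are reported once.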