All log on failures from other accounts

[iamtheky]

Message is broken out further and requires extra massaging, that and I am formatting it for eventual Neo4j graph sexiness.

expandcollapse popup

#include <AutoItConstants.au3>
#include<array.au3>
#RequireAdmin

$outfile = "test_PS_csv_failures.csv"
If fileexists($outfile) then FileDelete($outfile)

$iPID = run("powershell get-eventlog -logname security -Message '*An account failed to log on*' | select Index,TimeGenerated,Message | format-list" , "", @SW_HIDE , $stdout_child)

$sOutput = ""

 While 1
        $sOutput &= StdoutRead($iPID)
        If @error Then
            ExitLoop
        EndIf
 WEnd

$aStr = stringsplit($sOutput , @CRLF , 3)

For $i = ubound($aStr) - 1 to 0 step - 1
    If NOT stringinstr($aStr[$i] , ":") Then _ArrayDelete($aStr , $i)
Next

;~ _ArrayDisplay($aStr)
$sFinal = ""
$sLine = ""
$k = 0

for $i = 0 to 29

  $sLine &= stringregexpreplace(stringstripws($aStr[$i] , 8) , "(\:.*)" , "") & ","

next

$sFinal &= StringTrimRight($sLine , 1) & @LF
$sLine = ""

for $i = 30 to ubound($aStr) - 1

  $aStr[$i] = stringreplace($aStr[$i] , "," , "_")
  $sLine &= stringregexpreplace($aStr[$i] , "(\A.*\D:)" , "") & ","
  $k += 1

    If $k = 30 Then
      If NOT StringInStr($sLine , @UserName) Then $sFinal &= StringTrimRight($sLine , 1) & @LF
      $sLine = ""
      $k = 0
    EndIf

next

;~ msgbox(0, '' , $sFinal)
filewrite($outfile , $sFinal)
shellexecute($outfile)

 

Edited January 13, 2016 by iamtheky
fixed TimeGenerated