antmar904 Posted March 27, 2018

Has anyone been able to successfully write to the "Security" event log in Windows 10? The example from the help file doesn't seem to work on my Windows 10 Pro box.

BrewManNH Posted March 27, 2018

Have you tried running the script with #RequireAdmin? The security log is access protected.

antmar904 (Author) Posted March 27, 2018

Just now, BrewManNH said:
> Have you tried running the script with #RequireAdmin? The security log is access protected.

Yes I have. I can write to all other logs (Application, System) but not Security.

JLogan3o13 (Moderators) Posted March 27, 2018

How about posting your code that isn't working, rather than us guessing?

antmar904 (Author) Posted March 27, 2018

Just now, JLogan3o13 said:
> How about posting your code that isn't working, rather than us guessing?

As stated in my first post I was just using the example code from the help file just changing the Event Log to "Security". I do not get any errors in SciTE.

```autoit
#RequireAdmin
#include <EventLog.au3>

Example()

Func Example()
    Local $hEventLog, $aData[4] = [3, 1, 2, 3]

    ; Help-file example with the log name changed to "Security"
    $hEventLog = _EventLog__Open("", "Security")
    _EventLog__Report($hEventLog, 4, 0, 2, "Administrator", "AutoIt3 generated event", $aData)
    _EventLog__Close($hEventLog)
EndFunc   ;==>Example
```

JLogan3o13 (Moderators) Posted March 27, 2018

14 minutes ago, antmar904 said:
> As stated in my first post I was just using the example code from the help file just changing the Event Log to "Security".

I saw, but you have been around long enough to know as well as I how people modify or fail to copy the example correctly; always better to see what you're using.

To the issue at hand, the Security log is locked down tighter than the Application log by design in current OS's; MS does not want this being written to by just any application out there. On the few occasions where I have had to do this I usually resort to PowerShell (which you can run from AutoIt if part of a larger script). Look at Write-EventLog. In order to write to the Security log, however, you will need to create a new source in the registry; this can be done with New-EventLog.

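An added example, not code from any poster in this thread: a Windows PowerShell 5.1 script for the New-EventLog / Write-EventLog route suggested above. It reads each entry back and reports per log whether the write was accepted, so that a call that raises no error (as the AutoIt attempt did) is not mistaken for a recorded event. The source names and the event ID are constructed placeholders, and the function name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. Needs Windows PowerShell 5.1: the *-EventLog cmdlets used here
# are not available in PowerShell 7.

function Test-EventLogWrite {
    param(
        [Parameter(Mandatory)] [string] $LogName,
        # A source can be registered to only one log, so derive one name per log.
        [string] $Source  = "SiemTest-$LogName",   # constructed placeholder
        [int]    $EventId = 9001                   # arbitrary test event ID
    )

    # Unique marker so the read-back matches this run's entry and nothing else.
    $marker = "SIEM test marker $([guid]::NewGuid())"
    $result = [ordered]@{ Log = $LogName; Source = $Source; Written = $false; Error = $null }

    try {
        # Register the source under the target log if it is not registered yet.
        if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
            New-EventLog -LogName $LogName -Source $Source -ErrorAction Stop
        }

        Write-EventLog -LogName $LogName -Source $Source -EventId $EventId `
            -EntryType Information -Message $marker -ErrorAction Stop

        # Read the entry back: "no error" alone does not prove the event was recorded.
        $hit = Get-EventLog -LogName $LogName -Source $Source -Newest 20 -ErrorAction Stop |
            Where-Object { $_.Message -like "*$marker*" }
        $result.Written = [bool]$hit
    }
    catch {
        # Keep the provider's own message; it states why the log refused the write.
        $result.Error = $_.Exception.Message
    }

    [pscustomobject]$result
}

# Compare a log that normally accepts application writes with the Security log.
'Application', 'Security' | ForEach-Object { Test-EventLogWrite -LogName $_ } | Format-List
```

The same marker string can then be searched for in the SIEM to confirm that whichever entries were written were also collected.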
Bilgus Posted March 27, 2018

Did you read the helpfile for that very example? https://www.autoitscript.com/autoit3/docs/libfunctions/_EventLog__Report.htm

Quote:
> $hEventLog: A handle to the event log. As of Windows XP SP2, this cannot be a handle to the Security log.

antmar904 (Author) Posted March 28, 2018

15 hours ago, JLogan3o13 said:
> I saw, but you have been around long enough to know as well as I how people modify or fail to copy the example correctly; always better to see what you're using.
>
> To the issue at hand, the Security log is locked down tighter than the Application log by design in current OS's; MS does not want this being written to by just any application out there. On the few occasions where I have had to do this I usually resort to PowerShell (which you can run from AutoIt if part of a larger script). Look at Write-EventLog. In order to write to the Security log, however, you will need to create a new source in the registry; this can be done with New-EventLog.

Bummer, I am testing out our SIEM and can only use the Security event logs. Thanks again.