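#! c:\perl\bin\perl.exe
#
# Dump every record of a Windows host's Security event log to STDOUT in a
# readable "Field: value" layout, one blank-line-separated block per event.
#
# Usage: script.pl [server]
#   server - host whose log is read; defaults to the local node name.
#
# NOTE(review): reading the Security log normally requires administrative
# rights (or the audit-log privilege) on the target; the script uses the
# caller's credentials and has no option for alternate ones.
#
# NOTE(review): the printed values (descriptions, insertion strings, source
# and computer names) are copied from the log unmodified. Parts of Security
# events are supplied by whoever triggered them, so treat this output as
# untrusted text if it is parsed by, or displayed in, another tool.

use strict;
use warnings;
use Win32::Lanman;
use Win32::Perms;

# Target host: first command-line argument, otherwise this machine.
my $server = shift || Win32::NodeName();

# NOTE(review): presumably tells Win32::Perms not to locate a domain
# controller when resolving SIDs to account names - confirm in module docs.
Win32::Perms::LookupDC(0);

GetEvents($server, "Security");

# Return the display label for $code from the lookup table %$table, or
# "(Unknown)" when the code is undefined or has no entry, so an unexpected
# value is visible in the report instead of printing as an empty string.
sub _label {
    my ($table, $code) = @_;

    return "(Unknown)" unless defined $code && exists $table->{$code};
    return $table->{$code};
}

# Map undef to the empty string so optional fields print as blank.
sub _text {
    my ($value) = @_;

    return defined $value ? $value : "";
}

# Read the event log named $evtlog from $server and print every record.
#
# Parameters:
#   $server - host name, without leading backslashes (they are added here).
#   $evtlog - event log name, e.g. "Security".
#
# Prints one block per event on success; on failure prints a single
# "ReadEventLog error" line containing the formatted Win32 error text, or
# the numeric error code when no text is available.
sub GetEvents {
    my ($server, $evtlog) = @_;

    # Event type codes as stored in the record. 2 (Warning) was missing
    # from the original table.
    my %types = (
        1  => "(Error)",
        2  => "(Warning)",
        4  => "(Information)",
        8  => "(Success Audit)",
        16 => "(Failure Audit)",
    );

    # Category codes this script knows how to label; any other code is
    # reported as "(Unknown)".
    my %category = (
        0 => "(None)",
        1 => "(System Event)",
        2 => "(Logon/Logoff)",
        3 => "(Object Access)",
        4 => "(Privilege Use)",
    );

    my @events;

    # NOTE(review): 0xffffffff and 0 are the record-range arguments of
    # Win32::Lanman::ReadEventLog - presumably "everything, newest first";
    # confirm against the module documentation.
    if (!Win32::Lanman::ReadEventLog("\\\\$server", $evtlog, 0xffffffff, 0, \@events)) {
        my $code = Win32::Lanman::GetLastError();
        my $err  = Win32::FormatMessage($code);

        # Fall back to the raw error number when no message text exists.
        $err = $code if !defined $err || $err eq "";
        print "$server: ReadEventLog error: $err.\n";
        return;
    }

    foreach my $event (@events) {
        # The low 16 bits are the event ID as shown in Event Viewer; the
        # upper bits of the stored value are masked off.
        my $id = $event->{eventid} & 0xffff;

        print "Computer: " . _text($event->{computername}) . "\n";
        print "Category: " . _text($event->{eventcategory}) . " "
            . _label(\%category, $event->{eventcategory}) . "\n";
        print "Event ID: " . $id . "\n";
        print "EventType: " . _text($event->{eventtype}) . " "
            . _label(\%types, $event->{eventtype}) . "\n";
        print "Source: " . _text($event->{source}) . "\n";
        print "SourceName: " . _text($event->{sourcename}) . "\n";
        print "Generated: " . localtime($event->{timegenerated}) . "\n";
        print "Written: " . localtime($event->{timewritten}) . "\n";
        print "Flags: " . _text($event->{reservedflags}) . "\n";

        # NOTE(review): events without a user SID presumably resolve to an
        # empty or undefined name; _text keeps that case quiet.
        print "User: "
            . _text(Win32::Perms::ResolveAccount($event->{usersid})) . "\n";

        print "Description: ";
        if (Win32::Lanman::GetEventDescription("\\\\$server", $event)) {
            print _text($event->{eventdescription}) . "\n";
        }
        else {
            # No formatted description was produced, so list the raw
            # insertion strings stored in the record instead.
            print "\n";
            foreach my $string (@{ $event->{strings} || [] }) {
                print "\t+" . $string . "\n";
            }
        }

        # Optional hex dump of the record's binary data (left disabled):
        # print "Data: ".unpack("H".2 *length(${$event}{data}), ${$event}{data})."\n"
        #     if (${$event}{data} ne "");

        print "\n\n";
    }

    return;
}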