The script below can be used to monitor any text-based log file for predetermined text strings. It sends you only new events as it detects them, not the entire history every time. Just copy and paste it into a text file, save it with a .vbs extension, then schedule a task to run it every 5 minutes, and you will know about invalid logon attempts as they happen.
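Option Explicit

'------------------------------------------------------------------------
' Incremental text-log monitor.
'
' Scans FileToRead for any of the strings in arrTextToScanFor and e-mails
' the matching lines. The file's creation date and the number of lines
' already examined are stored in the registry, so each run reports only
' the lines added since the previous run.
'
' Operational notes:
'  - The scan state is written under HKLM, so the scheduled task must run
'    under an account allowed to write there. Restrict write access on
'    that key to the task account: the resume position stored in it
'    decides which lines are ever examined.
'  - Schedule it with "cscript.exe //B" so a runtime error cannot leave a
'    message box waiting on a non-interactive session.
'  - Only the send method and server address are configured for CDO
'    below; no authentication or TLS field is set, so the alert text is
'    handed to strSMTPServer as-is.
'------------------------------------------------------------------------

Const cdoSendUsingMethod = "http://schemas.microsoft.com/cdo/configuration/sendusing"
Const cdoSendUsingPort = 2
Const cdoSMTPServer = "http://schemas.microsoft.com/cdo/configuration/smtpserver"
Const ForReading = 1

' Single registry location used for BOTH reading and writing the state.
' (Reading from one key name and writing to another would make every run
' start from line 0 and resend the whole history.)
Const REG_STATE_KEY = "HKLM\Software\RDScripts\CheckTXTFile\"

Dim strMailTo, strMailFrom, strSMTPServer, FileToRead, arrTextToScanFor
Dim WshShell, objFSO, varFile
Dim strFileCreateDate, strLastFileCheckedCreateDate, strLastFileLastLineChecked
Dim lngStartAtLine, lngLinesSeen, strResults

'who are you mailing to?
strMailTo = "recipient@domain.com.au"

'default email address the message will be from
strMailFrom = "monitor@domain.com.au"

'set SMTP email server address here
strSMTPServer = "0.0.0.0"

'full path to the file you wish to monitor
FileToRead = "\\full\path\to\logfile.TXT"

'add more text to scan for by adding ,"item" to the array below
' for example, to search for two strings:
' array("text1","text2")
' Matching is a case-insensitive substring test, so a short term such as
' "error" will also match any longer word that contains it.
arrTextToScanFor = Array("Invalid User Name or Password","error")

Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
If Not objFSO.FileExists(FileToRead) Then
    ' Nothing to scan. Exit non-zero so the task history shows the failure
    ' instead of the script stopping on an unhandled GetFile error.
    WScript.Quit 1
End If
Set varFile = objFSO.GetFile(FileToRead)
strFileCreateDate = varFile.DateCreated

' Load the state left by the previous run. On the first run the values do
' not exist yet; RegRead then fails and the variables simply stay Empty.
Set WshShell = WScript.CreateObject("WScript.Shell")
On Error Resume Next
strLastFileCheckedCreateDate = WshShell.RegRead(REG_STATE_KEY & "CreateDate")
strLastFileLastLineChecked = WshShell.RegRead(REG_STATE_KEY & "LastLineChecked")
Err.Clear
On Error GoTo 0

' Same creation date as last time: same file, continue where the previous
' run stopped. Any other case is treated as a new file and scanned from
' its first line.
lngStartAtLine = 0
If CStr(strFileCreateDate) = CStr(strLastFileCheckedCreateDate) Then
    lngStartAtLine = ToLineNumber(strLastFileLastLineChecked)
End If

strResults = ScanLog(FileToRead, lngStartAtLine, arrTextToScanFor, lngLinesSeen)

If lngLinesSeen < lngStartAtLine Then
    ' The file now has fewer lines than were recorded last time although
    ' its creation date is unchanged, i.e. it was truncated or rewritten
    ' in place. Rescan from the top so nothing in it is skipped, and say
    ' so in the mail: a shrinking log is worth a look in its own right.
    ' (Drop the notice if this log is truncated in place by design.)
    strResults = ScanLog(FileToRead, 0, arrTextToScanFor, lngLinesSeen)
    strResults = "NOTE: " & FileToRead & " is shorter than at the last scan (" & _
                 lngStartAtLine & " lines recorded); rescanned from the first line." & _
                 vbCrLf & strResults
End If

' Send BEFORE saving the new position. SendMail has no error handler, so a
' failed send stops the script here and the same lines are reported again
' on the next run instead of being silently lost.
'Insert email subject line below
If strResults <> "" Then
    Call SendMail(strMailFrom, strMailTo, "Email Subject", strResults)
End If

WshShell.RegWrite REG_STATE_KEY & "FileChecked", FileToRead, "REG_SZ"
WshShell.RegWrite REG_STATE_KEY & "CreateDate", CStr(strFileCreateDate), "REG_SZ"
WshShell.RegWrite REG_STATE_KEY & "LastLineChecked", CStr(lngLinesSeen), "REG_SZ"
WshShell.RegWrite REG_STATE_KEY & "LastScanned", CStr(Now), "REG_SZ"
Set WshShell = Nothing

'------------------------------------------------------------------------
' Function ToLineNumber - turn the stored resume position into a Long.
'   varStored : value read from the registry (may be Empty or not numeric)
'   Returns 0 for anything missing, non-numeric, negative or out of range.
'   CLng is used rather than CInt because CInt overflows above 32767, a
'   line count an ordinary log file can exceed.
'------------------------------------------------------------------------
Function ToLineNumber(varStored)
    Dim lngValue
    lngValue = 0
    If IsNumeric(varStored) Then
        On Error Resume Next
        lngValue = CLng(varStored)
        If Err.Number <> 0 Then lngValue = 0
        On Error GoTo 0
        If lngValue < 0 Then lngValue = 0
    End If
    ToLineNumber = lngValue
End Function

'------------------------------------------------------------------------
' Function ScanLog - collect the lines that contain any search term.
'   strPath      : file to read
'   lngSkip      : number of leading lines to skip (already examined)
'   arrTerms     : array of strings to look for, case-insensitive
'   lngLineCount : (out) total number of lines in the file
'   Returns the matching lines joined with CRLF, most recent line first;
'   "" when nothing matched.
'------------------------------------------------------------------------
Function ScanLog(strPath, lngSkip, arrTerms, ByRef lngLineCount)
    Dim objTextFile, strLine, strItem, strFound

    strFound = ""
    lngLineCount = 0

    Set objTextFile = objFSO.OpenTextFile(strPath, ForReading)
    Do While Not objTextFile.AtEndOfStream
        If lngLineCount < lngSkip Then
            objTextFile.SkipLine
        Else
            strLine = objTextFile.ReadLine
            For Each strItem In arrTerms
                If InStr(1, strLine, strItem, vbTextCompare) > 0 Then
                    strFound = strLine & vbCrLf & strFound
                    ' One copy per line, even if several terms match it.
                    Exit For
                End If
            Next
        End If
        lngLineCount = lngLineCount + 1
    Loop
    objTextFile.Close

    ScanLog = strFound
End Function

'------------------------------------------------------------------------
' Function SendMail - email the matching log lines via CDO.
'   strFrom    : sender address
'   strTo      : recipient address
'   strSubject : subject line
'   strMessage : message body
'   Uses the script-level strSMTPServer as the relay. There is no error
'   handler here, so a failed send raises to the caller.
'------------------------------------------------------------------------
Function SendMail(strFrom, strTo, strSubject, strMessage)
    Dim iMsg, iConf, Flds

    '// Create the CDO connections.
    Set iMsg = CreateObject("CDO.Message")
    Set iConf = CreateObject("CDO.Configuration")
    Set Flds = iConf.Fields

    '// SMTP server configuration.
    With Flds
        .Item(cdoSendUsingMethod) = cdoSendUsingPort
        '// Set the SMTP server address here.
        .Item(cdoSMTPServer) = strSMTPServer
        .Update
    End With

    '// Set the message properties from the arguments passed in.
    With iMsg
        Set .Configuration = iConf
        .To = strTo
        .From = strFrom
        .Subject = strSubject
        ' Keep the body as plain text rather than HTMLBody: log lines may
        ' carry text supplied by whoever made the logon attempt, and it
        ' should not be rendered as markup in the mail client.
        .TextBody = strMessage
    End With

    '// Send the message.
    iMsg.Send
End Function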