|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
how to note down files modify or remove action?
How to note down when ActiveDirectory user Create/Modify/Remove file on
server by WScript now i use Auditing Policy to do the same thing,but i hope do that by wscript and write the log to database. please excuse me i am not good at english,hope can understand what i meaning. Try looking into logparser, it can read the events out of your event log and
write them to a SQL database. It is very powerful. http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.mspx Show quote "C.K" wrote: > How to note down when ActiveDirectory user Create/Modify/Remove file on > server by WScript > now i use Auditing Policy to do the same thing,but i hope do that by wscript > and write the log to database. > > please excuse me i am not good at english,hope can understand what i > meaning. > > > thank you,Jeremy
but it is not real-time to get the event can i use some script like Object.NextEvent and write them to database real-time? So are you going to have your script looping and constantly watching the
event log? It sounds like you are trying to have some sort of event driven script that waits for certain types of events and then when it sees one of interest it writes it to a database? Is this correct? Show quote "C.K" wrote: > thank you,Jeremy > but it is not real-time to get the event > can i use some script like Object.NextEvent and write them to database > real-time? > > > Can i just monitor about File Modify/Delete Action?not all Event Log.
I have another script to monitor Print Log by Object.NextEvent not monitor Event-Log,just monitor Win32_PrintJob and I found some interest script from Script Center,here is the URL http://www.microsoft.com/china/technet/community/scriptcenter/filefolder/scr ff46.mspx that can get the event when file was Created/Modified/Deleted but just for one folder or file I am going to find some way let it working as Win32_PrintJob when the event happened,return [who,when,targetName,...] excuse me such awful english. Well what you are describing is that you want something that is Event Driven.
That is that the logging of the action (Create, Modify, Delete etc) triggers the data you want to capture. Windows has this ability built into the Event Log. Say you wanted to write a script that monitored a files system, you'd either have to write something that was extremely low level (i.e. hooked into MTFS itself) or you'd have to have a script that monitor hundreds, or thousands or more of objects all them taking up valuable resources. So since Windows has a built-in way of capturing the data you want, then why not just use it. It is unfortunate that the windows Security log is so poor becuase you could just use it. unfortunately it is quite hard to manage. There are lots of 3rd party apps with agents that can do exactly what you want. I think one of the good ones is called SNARE. It might be best if you look into this. Cheers, Jeremy. Show quote "C.K" wrote: > Can i just monitor about File Modify/Delete Action?not all Event Log. > > I have another script to monitor Print Log by Object.NextEvent > not monitor Event-Log,just monitor Win32_PrintJob > and I found some interest script from Script Center,here is the URL > http://www.microsoft.com/china/technet/community/scriptcenter/filefolder/scr > ff46.mspx > that can get the event when file was Created/Modified/Deleted > but just for one folder or file > > I am going to find some way let it working as Win32_PrintJob > when the event happened,return [who,when,targetName,...] > > excuse me such awful english. > > >  |
|||||||||||||||||||||||
Other interesting topics