|
Posted by Roger Abell [MVP] on February 22, 2007, 2:07 am
Please log in for more thread options
> Hi All,
>
> I am logging certain events into the security event log by using
> AuthzReportSecurityEvent. Everything is working great except when the
> user looks into the Security Event log, the Category column is shown as
> (3). I want it to show "Object Access" but I cannot find what the actual
> numeric value should be so that it shows "Object Access" instead of (3).
> I have complete control over the message file (i.e. X.mc) so can change
> the message definitions if need be. Any advice would be greatly
> appreciated.
>
Well, that is sort of a good question, since category 3 for source
Security is in fact Object Access.
If you look with such as
sComp = "." ' or as desired
sQuery = "Select * from Win32_NTLogEvent Where Logfile = 'Security' And
'Category = 3'"
Set oWmiSvc = GetObject("winmgmts:" _
& "!\" & sComp & "\root\cimv2")
Set cEvents = oWmiSvc.ExecQuery(sQuery)
are your events in the resulting collection?
(if not, drop the And 'Category = 3' from the where clause)
Look for relevent oEvent in cEvents collection by examining
such as
sEvtSrc = oEvent.SourceName
sEvtCat = oEvent.Category
iEvt = oEvent.EventCode
sEvtDesc = oEvent.Description
etc.
I suspect that sEvtSrc for your events is not "Security" and so
it does not have a resources to translate the category 3 to show.
Roger
| 
XML Sitemap