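package com.mytest;

import java.io.IOException;
import java.util.logging.Level;

import org.jinterop.dcom.common.JIException;
import org.jinterop.dcom.common.JISystem;
import org.jinterop.dcom.core.JIComServer;
import org.jinterop.dcom.core.JIProgId;
import org.jinterop.dcom.core.JISession;
import org.jinterop.dcom.core.JIString;
import org.jinterop.dcom.core.JIVariant;
import org.jinterop.dcom.impls.JIObjectFactory;
import org.jinterop.dcom.impls.automation.IJIDispatch;

/**
 * Tails the Windows event log of a remote host over DCOM/WMI (via j-interop).
 *
 * <p>The flow is: open a DCOM session, obtain a {@code WbemScripting.SWbemLocator},
 * connect it to the {@code ROOT\CIMV2} namespace, register a WQL event subscription for
 * new {@code Win32_NTLogEvent} instances, then block on {@code NextEvent} and print each
 * event as CIM text. The loop never terminates on its own; stop the process to end it.
 * The DCOM session is destroyed in {@code finally} whether or not an error occurs.
 */
public class EventLogListener {

    private static final String WMI_DEFAULT_NAMESPACE = "ROOT\\CIMV2";

    /** WQL subscription: fire once for every event-log record created on the host. */
    private static final String QUERY_FOR_ALL_LOG_EVENTS =
        "SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent'";

    /** wbemFlagReturnImmediately: ExecNotificationQuery returns before events arrive. */
    private static final int RETURN_IMMEDIATE = 16;
    /** wbemFlagForwardOnly: forward-only enumerator, as event queries require. */
    private static final int FORWARD_ONLY = 32;

    /**
     * Configures j-interop and opens a DCOM session for the given credentials.
     *
     * @param domain Windows domain of the account (may be empty for a local account)
     * @param user   account name
     * @param pass   account password
     * @return an open session with session security requested
     * @throws Exception if j-interop cannot create the session
     */
    private static JISession configAndConnectDCom(String domain, String user, String pass)
            throws Exception {
        // Silence j-interop's own logger; this sample reports problems via stack traces only.
        JISystem.getLogger().setLevel(Level.OFF);
        try {
            JISystem.setInBuiltLogHandler(false);
        } catch (IOException ignored) {
            // Log-handler setup is best-effort; a failure here must not block the connection.
        }
        // NOTE(review): j-interop's auto-registration may write COM registration entries on
        // the target when a ProgId is not found; confirm this is acceptable for the host.
        JISystem.setAutoRegisteration(true);
        JISession dcomSession = JISession.createSession(domain, user, pass);
        // Request j-interop's session-level protection for the DCOM calls rather than
        // leaving the calls unprotected on the wire.
        dcomSession.useSessionSecurity(true);
        return dcomSession;
    }

    /**
     * Creates an {@code SWbemLocator} COM object on {@code host} and returns its IDispatch pointer.
     *
     * @param host        target host name or address
     * @param dcomSession session obtained from {@link #configAndConnectDCom}
     * @return IDispatch pointer for the locator
     * @throws Exception if the COM server cannot be reached or the object cannot be created
     */
    private static IJIDispatch getWmiLocator(String host, JISession dcomSession) throws Exception {
        JIComServer wbemLocatorComObj =
            new JIComServer(JIProgId.valueOf("WbemScripting.SWbemLocator"), host, dcomSession);
        return (IJIDispatch) JIObjectFactory.narrowObject(
            wbemLocatorComObj.createInstance().queryInterface(IJIDispatch.IID));
    }

    /**
     * Narrows a COM object carried in a variant to its IDispatch pointer.
     *
     * @param comObjectAsVariant variant holding a COM object reference
     * @return IDispatch pointer for that object
     * @throws JIException if the variant does not hold a COM object
     */
    private static IJIDispatch toIDispatch(JIVariant comObjectAsVariant) throws JIException {
        return (IJIDispatch) JIObjectFactory.narrowObject(comObjectAsVariant.getObjectAsComObject());
    }

    /**
     * Calls {@code SWbemLocator.ConnectServer} for the default {@code ROOT\CIMV2} namespace.
     *
     * @param wbemLocator locator IDispatch pointer
     * @param host        target host name or address
     * @return IDispatch pointer for the resulting {@code SWbemServices} object
     * @throws JIException if the COM call fails
     */
    private static IJIDispatch connectServer(IJIDispatch wbemLocator, String host) throws JIException {
        JIVariant[] results = wbemLocator.callMethodA("ConnectServer", new Object[] {
            new JIString(host), new JIString(WMI_DEFAULT_NAMESPACE),
            JIVariant.OPTIONAL_PARAM(), JIVariant.OPTIONAL_PARAM(),
            JIVariant.OPTIONAL_PARAM(), JIVariant.OPTIONAL_PARAM(),
            Integer.valueOf(0), JIVariant.OPTIONAL_PARAM() });
        return toIDispatch(results[0]);
    }

    /**
     * Registers the event subscription via {@code SWbemServices.ExecNotificationQuery}.
     * Narrow the WQL in {@link #QUERY_FOR_ALL_LOG_EVENTS} (e.g. on {@code TargetInstance.LogFile})
     * to receive only a subset of the log.
     *
     * @param wbemServices services IDispatch pointer
     * @return IDispatch pointer for the {@code SWbemEventSource}
     * @throws JIException if the COM call fails
     */
    private static IJIDispatch subscribeToLogEvents(IJIDispatch wbemServices) throws JIException {
        JIVariant[] eventSourceSet = wbemServices.callMethodA("ExecNotificationQuery", new Object[] {
            new JIString(QUERY_FOR_ALL_LOG_EVENTS), new JIString("WQL"),
            new JIVariant(Integer.valueOf(RETURN_IMMEDIATE + FORWARD_ONLY)) });
        return toIDispatch(eventSourceSet[0]);
    }

    /**
     * Blocks on {@code NextEvent} and prints every delivered event as CIM text, forever.
     *
     * @param wbemEventSource event-source IDispatch pointer
     * @throws JIException if a COM call fails
     */
    private static void printEventsForever(IJIDispatch wbemEventSource) throws JIException {
        for (int i = 0; ; i++) {
            // No timeout is passed, so this blocks until the next log record is created.
            JIVariant eventAsVariant = wbemEventSource.callMethodA("NextEvent",
                new Object[] { JIVariant.OPTIONAL_PARAM() })[0];
            IJIDispatch wbemEvent = toIDispatch(eventAsVariant);
            // GetObjectText_(1) renders the whole SWbemObject as CIM text; individual
            // properties could instead be read with wbemEvent.get("PropertyName").
            JIVariant objTextAsVariant = wbemEvent.callMethodA("GetObjectText_",
                new Object[] { Integer.valueOf(1) })[0];
            String asText = objTextAsVariant.getObjectAsString().getString();
            System.out.println("******************************************==" + i
                + "==****************************");
            System.out.println(asText);
        }
    }

    /**
     * Entry point.
     *
     * <p>Credentials are taken from the command line instead of being embedded in the class
     * (the original hard-coded an address, an administrator account and its password).
     * Command-line arguments are visible to other local users in the process list, so
     * supply a least-privilege account that is permitted remote WMI access.
     *
     * @param args {@code domain host username password}
     */
    public static void main(String[] args) {
        if (args.length != 4) {
            System.out.println("Usage: " + EventLogListener.class.getSimpleName()
                + " domain host username password");
            return;
        }
        String domain = args[0];
        String host = args[1];
        String user = args[2];
        String pass = args[3];

        JISession dcomSession = null;
        try {
            dcomSession = configAndConnectDCom(domain, user, pass);
            IJIDispatch wbemLocator = getWmiLocator(host, dcomSession);
            IJIDispatch wbemServices = connectServer(wbemLocator, host);
            IJIDispatch wbemEventSource = subscribeToLogEvents(wbemServices);
            printEventsForever(wbemEventSource);
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Always release the DCOM session, even after a failure in the event loop.
            if (dcomSession != null) {
                try {
                    JISession.destroySession(dcomSession);
                } catch (Exception ex) {
                    ex.printStackTrace();
                }
            }
        }
    }
}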
输出结果:
******************************************==0==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 32, 1, 0, 0, 44, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 12, 1, 10, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 0, 0, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
Data = {49, 0, 46, 0, 49, 0, 0, 0, 48, 0, 0, 0, 77, 0, 105, 0, 99, 0, 114, 0, 111, 0, 115, 0, 111, 0, 102, 0, 116, 0, 32, 0, 87, 0, 105, 0, 110, 0, 100, 0, 111, 0, 119, 0, 115, 0, 32, 0, 83, 0, 101, 0, 114, 0, 118, 0, 101, 0, 114, 0, 32, 0, 50, 0, 48, 0, 48, 0, 51, 0, 0, 0, 53, 0, 46, 0, 50, 0, 46, 0, 51, 0, 55, 0, 57, 0, 48, 0, 32, 0, 66, 0, 117, 0, 105, 0, 108, 0, 100, 0, 32, 0, 51, 0, 55, 0, 57, 0, 48, 0, 32, 0, 83, 0, 101, 0, 114, 0, 118, 0, 105, 0, 99, 0, 101, 0, 32, 0, 80, 0, 97, 0, 99, 0, 107, 0, 32, 0, 50, 0, 0, 0, 85, 0, 110, 0, 105, 0, 112, 0, 114, 0, 111, 0, 99, 0, 101, 0, 115, 0, 115, 0, 111, 0, 114, 0, 32, 0, 70, 0, 114, 0, 101, 0, 101, 0, 0, 0, 51, 0, 55, 0, 57, 0, 48, 0, 46, 0, 115, 0, 114, 0, 118, 0, 48, 0, 51, 0, 95, 0, 115, 0, 112, 0, 50, 0, 95, 0, 114, 0, 116, 0, 109, 0, 46, 0, 48, 0, 55, 0, 48, 0, 50, 0, 49, 0, 54, 0, 45, 0, 49, 0, 55, 0, 49, 0, 48, 0, 0, 0, 52, 0, 101, 0, 99, 0, 98, 0, 49, 0, 56, 0, 52, 0, 52, 0, 0, 0, 78, 0, 111, 0, 116, 0, 32, 0, 65, 0, 118, 0, 97, 0, 105, 0, 108, 0, 97, 0, 98, 0, 108, 0, 101, 0, 0, 0, 78, 0, 111, 0, 116, 0, 32, 0, 65, 0, 118, 0, 97, 0, 105, 0, 108, 0, 97, 0, 98, 0, 108, 0, 101, 0, 0, 0, 48, 0, 0, 0, 49, 0, 0, 0, 51, 0, 56, 0, 52, 0, 0, 0, 56, 0, 48, 0, 52, 0, 0, 0, 117, 0, 102, 0, 99, 0, 45, 0, 54, 0, 97, 0, 48, 0, 97, 0, 48, 0, 98, 0, 49, 0, 102, 0, 55, 0, 54, 0, 99, 0, 0, 0, 0, 0};
EventCode = 6005;
EventIdentifier = 2147489653;
EventType = 3;
InsertionStrings = {"", "", "", "", "13", "60", "-480 中国标准时间"};
Logfile = "System";
Message = "事件日志服务已启动。
\n";
RecordNumber = 650;
SourceName = "EventLog";
TimeGenerated = "20111125085922.000000+480";
TimeWritten = "20111125085922.000000+480";
Type = "信息";
};
TIME_CREATED = "129666564746875000";
};
******************************************==1==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 32, 1, 0, 0, 44, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 12, 1, 10, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 0, 0, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 10026;
EventIdentifier = 1075849002;
EventType = 3;
InsertionStrings = {"86400", "SuppressDuplicateDuration", "Software\\Microsoft\\Ole\\EventLog"};
Logfile = "System";
Message = "COM 子系统正在取消 86400 秒持续时间内重复的事件日志项。可以通过下列注册表项下名为 SuppressDuplicateDuration 的 REG_DWORD 值控制取消超时: HKLM\\Software\\Microsoft\\Ole\\EventLog。
\n";
RecordNumber = 651;
SourceName = "DCOM";
TimeGenerated = "20111125085922.000000+480";
TimeWritten = "20111125085922.000000+480";
Type = "信息";
};
TIME_CREATED = "129666564747031250";
};
******************************************==2==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 32, 1, 0, 0, 44, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 12, 1, 10, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 0, 0, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 3;
EventIdentifier = 1113194499;
EventType = 3;
Logfile = "System";
Message = "应用程序体验查找服务已成功地启动。
\n";
RecordNumber = 652;
SourceName = "AeLookupSvc";
TimeGenerated = "20111125085929.000000+480";
TimeWritten = "20111125085929.000000+480";
Type = "信息";
};
TIME_CREATED = "129666564747031251";
};
******************************************==3==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 32, 1, 0, 0, 44, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 12, 1, 10, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 0, 0, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 17;
EventIdentifier = 2186936337;
EventType = 1;
InsertionStrings = {"time.windows.com,0x1", "套接字操作尝试一个无法连接的主机。 (0x80072751)", "15"};
Logfile = "System";
Message = "时间提供程序 NtpClient: 在 DNS 查询手动配置的对等机器 'time.windows.com,0x1' 时发生一个错误。
\nNtpClient 将在 15 分钟内重试 NDS 查询。
\n错误为: 套接字操作尝试一个无法连接的主机。 (0x80072751)
\n";
RecordNumber = 653;
SourceName = "W32Time";
TimeGenerated = "20111125085930.000000+480";
TimeWritten = "20111125085930.000000+480";
Type = "错误";
};
TIME_CREATED = "129666564747031252";
};
******************************************==4==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 32, 1, 0, 0, 44, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 12, 1, 10, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 0, 0, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
Data = {0, 0, 0, 0, 1, 0, 84, 0, 0, 0, 0, 0, 199, 16, 0, 64, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
EventCode = 4295;
EventIdentifier = 1073746119;
EventType = 3;
InsertionStrings = {""};
Logfile = "System";
Message = "IPSec 驱动程序以 Bypass 模式启动。在此计算机启动时没有 IPSec
\n安全性会被应用到此计算机。如果配置了IPSec 策略,它们将在
\nIPSec 服务启动后被应用到此计算机。
\n";
RecordNumber = 654;
SourceName = "IPSec";
TimeGenerated = "20111125085914.000000+480";
TimeWritten = "20111125085944.000000+480";
Type = "信息";
};
TIME_CREATED = "129666564747031253";
};
******************************************==5==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 32, 1, 0, 0, 44, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 12, 1, 10, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 0, 0, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
Data = {0, 0, 0, 0, 1, 0, 84, 0, 0, 0, 0, 0, 198, 16, 0, 64, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
EventCode = 4294;
EventIdentifier = 1073746118;
EventType = 3;
InsertionStrings = {""};
Logfile = "System";
Message = "IPSec 驱动程序进入 Secure 状态。如果配置了 IPSec 策略,
\n将在现在被应用到此计算机。
\n";
RecordNumber = 655;
SourceName = "IPSec";
TimeGenerated = "20111125085929.000000+480";
TimeWritten = "20111125085944.000000+480";
Type = "信息";
};
TIME_CREATED = "129666564747031254";
};
******************************************==6==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 32, 1, 0, 0, 44, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 12, 1, 10, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 0, 0, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 7035;
EventIdentifier = 1073748859;
EventType = 3;
InsertionStrings = {"Network Location Awareness (NLA)", "开始"};
Logfile = "System";
Message = "Network Location Awareness (NLA) 服务成功发送一个 开始 控件。
\n";
RecordNumber = 656;
SourceName = "Service Control Manager";
TimeGenerated = "20111125090113.000000+480";
TimeWritten = "20111125090113.000000+480";
Type = "信息";
User = "NT AUTHORITY\\SYSTEM";
};
TIME_CREATED = "129666564747031255";
};
******************************************==7==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 32, 1, 0, 0, 44, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 12, 1, 10, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 0, 0, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 7036;
EventIdentifier = 1073748860;
EventType = 3;
InsertionStrings = {"Network Location Awareness (NLA)", "正在运行"};
Logfile = "System";
Message = "Network Location Awareness (NLA) 服务处于 正在运行 状态。
\n";
RecordNumber = 657;
SourceName = "Service Control Manager";
TimeGenerated = "20111125090113.000000+480";
TimeWritten = "20111125090113.000000+480";
Type = "信息";
};
TIME_CREATED = "129666564747031256";
};
******************************************==8==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 32, 1, 0, 0, 44, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 12, 1, 10, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 0, 0, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 7035;
EventIdentifier = 1073748859;
EventType = 3;
InsertionStrings = {"Terminal Services", "开始"};
Logfile = "System";
Message = "Terminal Services 服务成功发送一个 开始 控件。
\n";
RecordNumber = 658;
SourceName = "Service Control Manager";
TimeGenerated = "20111125090113.000000+480";
TimeWritten = "20111125090113.000000+480";
Type = "信息";
User = "NT AUTHORITY\\SYSTEM";
};
TIME_CREATED = "129666564747031257";
};
******************************************==9==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 32, 1, 0, 0, 44, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 12, 1, 10, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 0, 0, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 7036;
EventIdentifier = 1073748860;
EventType = 3;
InsertionStrings = {"Terminal Services", "正在运行"};
Logfile = "System";
Message = "Terminal Services 服务处于 正在运行 状态。
\n";
RecordNumber = 659;
SourceName = "Service Control Manager";
TimeGenerated = "20111125090113.000000+480";
TimeWritten = "20111125090113.000000+480";
Type = "信息";
};
TIME_CREATED = "129666564747031258";
};
******************************************==10==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 32, 1, 0, 0, 44, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 12, 1, 10, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 0, 0, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 7035;
EventIdentifier = 1073748859;
EventType = 3;
InsertionStrings = {"Application Layer Gateway Service", "开始"};
Logfile = "System";
Message = "Application Layer Gateway Service 服务成功发送一个 开始 控件。
\n";
RecordNumber = 660;
SourceName = "Service Control Manager";
TimeGenerated = "20111125090113.000000+480";
TimeWritten = "20111125090113.000000+480";
Type = "信息";
User = "NT AUTHORITY\\SYSTEM";
};
TIME_CREATED = "129666564747031259";
};
******************************************==11==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 32, 1, 0, 0, 44, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 12, 1, 10, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 0, 0, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 7036;
EventIdentifier = 1073748860;
EventType = 3;
InsertionStrings = {"Application Layer Gateway Service", "正在运行"};
Logfile = "System";
Message = "Application Layer Gateway Service 服务处于 正在运行 状态。
\n";
RecordNumber = 661;
SourceName = "Service Control Manager";
TimeGenerated = "20111125090113.000000+480";
TimeWritten = "20111125090113.000000+480";
Type = "信息";
};
TIME_CREATED = "129666564747031260";
};
******************************************==12==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 84, 1, 0, 0, 96, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 64, 1, 12, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 97, 0, 110, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 99, 0, 101, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 99, 0, 101, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "TM";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 4193;
EventIdentifier = 1073746017;
EventType = 3;
InsertionStrings = {"0", "0", "0", "0", "0", "0", "1"};
Logfile = "Application";
Message = "MS DTC 已启动,设置如下(OFF = 0,ON = 1):
\n
\n安全配置:
\n 事务的网络管理 = 0,
\n 网络客户端 = 0,
\n 使用本机 MSDTC 协议的入站分布式事务 = 0,
\n 使用本机 MSDTC 协议的出站分布式事务 = 0,
\n 事务 Internet 协议(TIP) = 0,
\n XA 事务 = 0
\n
\n筛选的重复事件 = 1";
RecordNumber = 152;
SourceName = "MSDTC";
TimeGenerated = "20111125085929.000000+480";
TimeWritten = "20111125085929.000000+480";
Type = "信息";
};
TIME_CREATED = "129666564747187500";
};
******************************************==13==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 84, 1, 0, 0, 96, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 64, 1, 12, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 97, 0, 110, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 99, 0, 101, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 99, 0, 101, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 4625;
EventIdentifier = 1073746449;
EventType = 3;
InsertionStrings = {"86400", "SuppressDuplicateDuration", "Software\\Microsoft\\EventSystem\\EventLog"};
Logfile = "Application";
Message = "EventSystem 子系统正在取消 86400 秒持续时间内重复的事件日志项。可以通过下列注册表项下名为 SuppressDuplicateDuration 的 REG_DWORD 值控制取消超时: HKLM\\Software\\Microsoft\\EventSystem\\EventLog。
\n";
RecordNumber = 153;
SourceName = "EventSystem";
TimeGenerated = "20111125085929.000000+480";
TimeWritten = "20111125085929.000000+480";
Type = "信息";
};
TIME_CREATED = "129666564747187501";
};
******************************************==14==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 84, 1, 0, 0, 96, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 64, 1, 12, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 97, 0, 110, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 99, 0, 101, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 99, 0, 101, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 100;
ComputerName = "UFC-6A0A0B1F76C";
Data = {65, 112, 112, 108, 105, 99, 97, 116, 105, 111, 110, 32, 70, 97, 105, 108, 117, 114, 101, 32, 32, 115, 118, 99, 104, 111, 115, 116, 46, 101, 120, 101, 32, 53, 46, 50, 46, 51, 55, 57, 48, 46, 51, 57, 53, 57, 32, 105, 110, 32, 107, 101, 114, 110, 101, 108, 51, 50, 46, 100, 108, 108, 32, 53, 46, 50, 46, 51, 55, 57, 48, 46, 51, 57, 53, 57, 32, 97, 116, 32, 111, 102, 102, 115, 101, 116, 32, 48, 48, 48, 54, 98, 101, 98, 56};
EventCode = 1004;
EventIdentifier = 1004;
EventType = 3;
InsertionStrings = {"svchost.exe", "5.2.3790.3959", "kernel32.dll", "5.2.3790.3959", "0006beb8"};
Logfile = "Application";
Message = "报告队列中的错误: 错误应用程序 svchost.exe,版本 5.2.3790.3959,错误模块 kernel32.dll,版本 5.2.3790.3959,错误地址 0x0006beb8。
\n";
RecordNumber = 154;
SourceName = "Application Error";
TimeGenerated = "20111125085942.000000+480";
TimeWritten = "20111125085942.000000+480";
Type = "信息";
};
TIME_CREATED = "129666564747187502";
};
******************************************==15==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 528;
EventIdentifier = 528;
EventType = 4;
InsertionStrings = {"SYSTEM", "NT AUTHORITY", "(0x0,0x3E7)", "0", "-", "-", "-", "-", "-", "-", "-", "4", "-", "-", "-"};
Logfile = "Security";
Message = "登录成功:
\n
\n\t用户名: \tSYSTEM
\n
\n\t域: \t\tNT AUTHORITY
\n
\n\t登录 ID: \t\t(0x0,0x3E7)
\n
\n\t登录类型: \t0
\n
\n\t登录进程: \t-
\n
\n\t身份验证数据包: \t-
\n
\n\t工作站名:\t-
\n
\n\t登录 GUID:\t-
\n
\n\t调用方用户名:\t-
\n
\n\t调用方域:\t-
\n
\n\t调用方登录 ID:\t-
\n
\n\t调用方进程 ID: 4
\n
\n\t传递服务: -
\n
\n\t源网络地址:\t-
\n
\n\t源端口:\t-
\n
\n";
RecordNumber = 3980;
SourceName = "Security";
TimeGenerated = "20111125085926.000000+480";
TimeWritten = "20111125085926.000000+480";
Type = "审核成功";
User = "NT AUTHORITY\\SYSTEM";
};
TIME_CREATED = "129666564748281250";
};
******************************************==16==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 528;
EventIdentifier = 528;
EventType = 4;
InsertionStrings = {"NETWORK SERVICE", "NT AUTHORITY", "(0x0,0x3E4)", "5", "Advapi ", "Negotiate", "", "-", "UFC-6A0A0B1F76C$", "WORKGROUP", "(0x0,0x3E7)", "380", "-", "-", "-"};
Logfile = "Security";
Message = "登录成功:
\n
\n\t用户名: \tNETWORK SERVICE
\n
\n\t域: \t\tNT AUTHORITY
\n
\n\t登录 ID: \t\t(0x0,0x3E4)
\n
\n\t登录类型: \t5
\n
\n\t登录进程: \tAdvapi
\n
\n\t身份验证数据包: \tNegotiate
\n
\n\t工作站名:\t
\n
\n\t登录 GUID:\t-
\n
\n\t调用方用户名:\tUFC-6A0A0B1F76C$
\n
\n\t调用方域:\tWORKGROUP
\n
\n\t调用方登录 ID:\t(0x0,0x3E7)
\n
\n\t调用方进程 ID: 380
\n
\n\t传递服务: -
\n
\n\t源网络地址:\t-
\n
\n\t源端口:\t-
\n
\n";
RecordNumber = 3981;
SourceName = "Security";
TimeGenerated = "20111125085926.000000+480";
TimeWritten = "20111125085926.000000+480";
Type = "审核成功";
User = "NT AUTHORITY\\NETWORK SERVICE";
};
TIME_CREATED = "129666564748281251";
};
******************************************==17==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 576;
EventIdentifier = 576;
EventType = 4;
InsertionStrings = {"NETWORK SERVICE", "NT AUTHORITY", "(0x0,0x3E4)", "SeAuditPrivilege
\n\t\t\tSeAssignPrimaryTokenPrivilege
\n\t\t\tSeImpersonatePrivilege"};
Logfile = "Security";
Message = "指派给新登录的特殊权限:
\n
\n\t用户名:\tNETWORK SERVICE
\n
\n\t域:\t\tNT AUTHORITY
\n
\n\t登录 ID:\t\t(0x0,0x3E4)
\n
\n\t特权:\tSeAuditPrivilege
\n\t\t\tSeAssignPrimaryTokenPrivilege
\n\t\t\tSeImpersonatePrivilege
\n";
RecordNumber = 3982;
SourceName = "Security";
TimeGenerated = "20111125085926.000000+480";
TimeWritten = "20111125085926.000000+480";
Type = "审核成功";
User = "NT AUTHORITY\\NETWORK SERVICE";
};
TIME_CREATED = "129666564748281252";
};
******************************************==18==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 528;
EventIdentifier = 528;
EventType = 4;
InsertionStrings = {"LOCAL SERVICE", "NT AUTHORITY", "(0x0,0x3E5)", "5", "Advapi ", "Negotiate", "", "-", "UFC-6A0A0B1F76C$", "WORKGROUP", "(0x0,0x3E7)", "380", "-", "-", "-"};
Logfile = "Security";
Message = "登录成功:
\n
\n\t用户名: \tLOCAL SERVICE
\n
\n\t域: \t\tNT AUTHORITY
\n
\n\t登录 ID: \t\t(0x0,0x3E5)
\n
\n\t登录类型: \t5
\n
\n\t登录进程: \tAdvapi
\n
\n\t身份验证数据包: \tNegotiate
\n
\n\t工作站名:\t
\n
\n\t登录 GUID:\t-
\n
\n\t调用方用户名:\tUFC-6A0A0B1F76C$
\n
\n\t调用方域:\tWORKGROUP
\n
\n\t调用方登录 ID:\t(0x0,0x3E7)
\n
\n\t调用方进程 ID: 380
\n
\n\t传递服务: -
\n
\n\t源网络地址:\t-
\n
\n\t源端口:\t-
\n
\n";
RecordNumber = 3983;
SourceName = "Security";
TimeGenerated = "20111125085926.000000+480";
TimeWritten = "20111125085926.000000+480";
Type = "审核成功";
User = "NT AUTHORITY\\LOCAL SERVICE";
};
TIME_CREATED = "129666564748281253";
};
******************************************==19==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 576;
EventIdentifier = 576;
EventType = 4;
InsertionStrings = {"LOCAL SERVICE", "NT AUTHORITY", "(0x0,0x3E5)", "SeAuditPrivilege
\n\t\t\tSeAssignPrimaryTokenPrivilege
\n\t\t\tSeImpersonatePrivilege"};
Logfile = "Security";
Message = "指派给新登录的特殊权限:
\n
\n\t用户名:\tLOCAL SERVICE
\n
\n\t域:\t\tNT AUTHORITY
\n
\n\t登录 ID:\t\t(0x0,0x3E5)
\n
\n\t特权:\tSeAuditPrivilege
\n\t\t\tSeAssignPrimaryTokenPrivilege
\n\t\t\tSeImpersonatePrivilege
\n";
RecordNumber = 3984;
SourceName = "Security";
TimeGenerated = "20111125085926.000000+480";
TimeWritten = "20111125085926.000000+480";
Type = "审核成功";
User = "NT AUTHORITY\\LOCAL SERVICE";
};
TIME_CREATED = "129666564748281254";
};
******************************************==20==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 540;
EventIdentifier = 540;
EventType = 4;
InsertionStrings = {"", "", "(0x0,0xC2DE)", "3", "NtLmSsp ", "NTLM", "", "-", "-", "-", "-", "-", "-", "-", "-"};
Logfile = "Security";
Message = "成功的网络登录:
\n
\n\t用户名:\t
\n
\n\t域:\t\t
\n
\n\t登录 ID:\t\t(0x0,0xC2DE)
\n
\n\t登录类型:\t3
\n
\n\t登录过程:\tNtLmSsp
\n
\n\t身份验证数据包:\tNTLM
\n
\n\t工作站名:\t
\n
\n\t登录 GUID:\t-
\n
\n\t调用方用户名:\t-
\n
\n\t调用方域:\t-
\n
\n\t调用方登录 ID:\t-
\n
\n\t调用方进程 ID: -
\n
\n\t传递服务: -
\n
\n\t源网络地址:\t-
\n
\n\t源端口:\t-
\n
\n";
RecordNumber = 3985;
SourceName = "Security";
TimeGenerated = "20111125085929.000000+480";
TimeWritten = "20111125085929.000000+480";
Type = "审核成功";
User = "NT AUTHORITY\\ANONYMOUS LOGON";
};
TIME_CREATED = "129666564748437500";
};
******************************************==21==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 9;
CategoryString = "帐户登录";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 680;
EventIdentifier = 680;
EventType = 4;
InsertionStrings = {"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0", "Administrator", "UFC-6A0A0B1F76C", "0x0"};
Logfile = "Security";
Message = "尝试登录的用户: \tMICROSOFT_AUTHENTICATION_PACKAGE_V1_0
\n
\n登录帐户: \tAdministrator
\n
\n源工作站: \tUFC-6A0A0B1F76C
\n
\n错误代码: \t0x0
\n
\n";
RecordNumber = 3986;
SourceName = "Security";
TimeGenerated = "20111125085941.000000+480";
TimeWritten = "20111125085942.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748593750";
};
******************************************==22==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 552;
EventIdentifier = 552;
EventType = 4;
InsertionStrings = {"UFC-6A0A0B1F76C$", "WORKGROUP", "(0x0,0x3E7)", "-", "Administrator", "UFC-6A0A0B1F76C", "-", "localhost", "localhost", "332", "127.0.0.1", "0"};
Logfile = "Security";
Message = "使用明确凭据的登录尝试:
\n
\n登录的用户:
\n
\n\t用户名:\tUFC-6A0A0B1F76C$
\n
\n\t域:\t\tWORKGROUP
\n
\n\t登录 ID:\t\t(0x0,0x3E7)
\n
\n\t登录 GUID:\t-
\n
\n凭据被使用的用户:
\n
\n\t目标用户名:\tAdministrator
\n
\n\t目标域:\tUFC-6A0A0B1F76C
\n
\n\t目标登录 GUID: -
\n
\n
\n目标服务器名称:\tlocalhost
\n
\n目标服务器信息:\tlocalhost
\n
\n调用方进程 ID:\t332
\n
\n源网络地址:\t127.0.0.1
\n
\n源端口:\t0
\n
\n";
RecordNumber = 3987;
SourceName = "Security";
TimeGenerated = "20111125085941.000000+480";
TimeWritten = "20111125085942.000000+480";
Type = "审核成功";
User = "NT AUTHORITY\\SYSTEM";
};
TIME_CREATED = "129666564748593751";
};
******************************************==23==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 528;
EventIdentifier = 528;
EventType = 4;
InsertionStrings = {"Administrator", "UFC-6A0A0B1F76C", "(0x0,0x10AB2)", "2", "User32 ", "Negotiate", "UFC-6A0A0B1F76C", "-", "UFC-6A0A0B1F76C$", "WORKGROUP", "(0x0,0x3E7)", "332", "-", "127.0.0.1", "0"};
Logfile = "Security";
Message = "登录成功:
\n
\n\t用户名: \tAdministrator
\n
\n\t域: \t\tUFC-6A0A0B1F76C
\n
\n\t登录 ID: \t\t(0x0,0x10AB2)
\n
\n\t登录类型: \t2
\n
\n\t登录进程: \tUser32
\n
\n\t身份验证数据包: \tNegotiate
\n
\n\t工作站名:\tUFC-6A0A0B1F76C
\n
\n\t登录 GUID:\t-
\n
\n\t调用方用户名:\tUFC-6A0A0B1F76C$
\n
\n\t调用方域:\tWORKGROUP
\n
\n\t调用方登录 ID:\t(0x0,0x3E7)
\n
\n\t调用方进程 ID: 332
\n
\n\t传递服务: -
\n
\n\t源网络地址:\t127.0.0.1
\n
\n\t源端口:\t0
\n
\n";
RecordNumber = 3988;
SourceName = "Security";
TimeGenerated = "20111125085941.000000+480";
TimeWritten = "20111125085942.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748593752";
};
******************************************==24==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 576;
EventIdentifier = 576;
EventType = 4;
InsertionStrings = {"Administrator", "UFC-6A0A0B1F76C", "(0x0,0x10AB2)", "SeSecurityPrivilege
\n\t\t\tSeBackupPrivilege
\n\t\t\tSeRestorePrivilege
\n\t\t\tSeTakeOwnershipPrivilege
\n\t\t\tSeDebugPrivilege
\n\t\t\tSeSystemEnvironmentPrivilege
\n\t\t\tSeLoadDriverPrivilege
\n\t\t\tSeImpersonatePrivilege"};
Logfile = "Security";
Message = "指派给新登录的特殊权限:
\n
\n\t用户名:\tAdministrator
\n
\n\t域:\t\tUFC-6A0A0B1F76C
\n
\n\t登录 ID:\t\t(0x0,0x10AB2)
\n
\n\t特权:\tSeSecurityPrivilege
\n\t\t\tSeBackupPrivilege
\n\t\t\tSeRestorePrivilege
\n\t\t\tSeTakeOwnershipPrivilege
\n\t\t\tSeDebugPrivilege
\n\t\t\tSeSystemEnvironmentPrivilege
\n\t\t\tSeLoadDriverPrivilege
\n\t\t\tSeImpersonatePrivilege
\n";
RecordNumber = 3989;
SourceName = "Security";
TimeGenerated = "20111125085941.000000+480";
TimeWritten = "20111125085942.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748750000";
};
******************************************==25==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 9;
CategoryString = "帐户登录";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 680;
EventIdentifier = 680;
EventType = 4;
InsertionStrings = {"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0", "administrator", "\\\\192.168.4.254", "0x0"};
Logfile = "Security";
Message = "尝试登录的用户: \tMICROSOFT_AUTHENTICATION_PACKAGE_V1_0
\n
\n登录帐户: \tadministrator
\n
\n源工作站: \t\\\\192.168.4.254
\n
\n错误代码: \t0x0
\n
\n";
RecordNumber = 3990;
SourceName = "Security";
TimeGenerated = "20111125090112.000000+480";
TimeWritten = "20111125090112.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748750001";
};
******************************************==26==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 576;
EventIdentifier = 576;
EventType = 4;
InsertionStrings = {"Administrator", "UFC-6A0A0B1F76C", "(0x0,0x1A9BF)", "SeSecurityPrivilege
\n\t\t\tSeBackupPrivilege
\n\t\t\tSeRestorePrivilege
\n\t\t\tSeTakeOwnershipPrivilege
\n\t\t\tSeDebugPrivilege
\n\t\t\tSeSystemEnvironmentPrivilege
\n\t\t\tSeLoadDriverPrivilege
\n\t\t\tSeImpersonatePrivilege"};
Logfile = "Security";
Message = "指派给新登录的特殊权限:
\n
\n\t用户名:\tAdministrator
\n
\n\t域:\t\tUFC-6A0A0B1F76C
\n
\n\t登录 ID:\t\t(0x0,0x1A9BF)
\n
\n\t特权:\tSeSecurityPrivilege
\n\t\t\tSeBackupPrivilege
\n\t\t\tSeRestorePrivilege
\n\t\t\tSeTakeOwnershipPrivilege
\n\t\t\tSeDebugPrivilege
\n\t\t\tSeSystemEnvironmentPrivilege
\n\t\t\tSeLoadDriverPrivilege
\n\t\t\tSeImpersonatePrivilege
\n";
RecordNumber = 3991;
SourceName = "Security";
TimeGenerated = "20111125090112.000000+480";
TimeWritten = "20111125090112.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748750002";
};
******************************************==27==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 540;
EventIdentifier = 540;
EventType = 4;
InsertionStrings = {"Administrator", "UFC-6A0A0B1F76C", "(0x0,0x1A9BF)", "3", "NtLmSsp ", "NTLM", "\\\\192.168.4.254", "-", "-", "-", "-", "-", "-", "192.168.4.254", "0"};
Logfile = "Security";
Message = "成功的网络登录:
\n
\n\t用户名:\tAdministrator
\n
\n\t域:\t\tUFC-6A0A0B1F76C
\n
\n\t登录 ID:\t\t(0x0,0x1A9BF)
\n
\n\t登录类型:\t3
\n
\n\t登录过程:\tNtLmSsp
\n
\n\t身份验证数据包:\tNTLM
\n
\n\t工作站名:\t\\\\192.168.4.254
\n
\n\t登录 GUID:\t-
\n
\n\t调用方用户名:\t-
\n
\n\t调用方域:\t-
\n
\n\t调用方登录 ID:\t-
\n
\n\t调用方进程 ID: -
\n
\n\t传递服务: -
\n
\n\t源网络地址:\t192.168.4.254
\n
\n\t源端口:\t0
\n
\n";
RecordNumber = 3992;
SourceName = "Security";
TimeGenerated = "20111125090112.000000+480";
TimeWritten = "20111125090112.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748750003";
};
******************************************==28==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 9;
CategoryString = "帐户登录";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 680;
EventIdentifier = 680;
EventType = 4;
InsertionStrings = {"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0", "administrator", "JCIFS8_186_16", "0x0"};
Logfile = "Security";
Message = "尝试登录的用户: \tMICROSOFT_AUTHENTICATION_PACKAGE_V1_0
\n
\n登录帐户: \tadministrator
\n
\n源工作站: \tJCIFS8_186_16
\n
\n错误代码: \t0x0
\n
\n";
RecordNumber = 3993;
SourceName = "Security";
TimeGenerated = "20111125090113.000000+480";
TimeWritten = "20111125090113.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748750004";
};
******************************************==29==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 576;
EventIdentifier = 576;
EventType = 4;
InsertionStrings = {"Administrator", "UFC-6A0A0B1F76C", "(0x0,0x1C919)", "SeSecurityPrivilege
\n\t\t\tSeBackupPrivilege
\n\t\t\tSeRestorePrivilege
\n\t\t\tSeTakeOwnershipPrivilege
\n\t\t\tSeDebugPrivilege
\n\t\t\tSeSystemEnvironmentPrivilege
\n\t\t\tSeLoadDriverPrivilege
\n\t\t\tSeImpersonatePrivilege"};
Logfile = "Security";
Message = "指派给新登录的特殊权限:
\n
\n\t用户名:\tAdministrator
\n
\n\t域:\t\tUFC-6A0A0B1F76C
\n
\n\t登录 ID:\t\t(0x0,0x1C919)
\n
\n\t特权:\tSeSecurityPrivilege
\n\t\t\tSeBackupPrivilege
\n\t\t\tSeRestorePrivilege
\n\t\t\tSeTakeOwnershipPrivilege
\n\t\t\tSeDebugPrivilege
\n\t\t\tSeSystemEnvironmentPrivilege
\n\t\t\tSeLoadDriverPrivilege
\n\t\t\tSeImpersonatePrivilege
\n";
RecordNumber = 3994;
SourceName = "Security";
TimeGenerated = "20111125090113.000000+480";
TimeWritten = "20111125090113.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748750005";
};
******************************************==30==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 540;
EventIdentifier = 540;
EventType = 4;
InsertionStrings = {"Administrator", "UFC-6A0A0B1F76C", "(0x0,0x1C919)", "3", "NtLmSsp ", "NTLM", "JCIFS8_186_16", "-", "-", "-", "-", "-", "-", "192.168.4.254", "1863"};
Logfile = "Security";
Message = "成功的网络登录:
\n
\n\t用户名:\tAdministrator
\n
\n\t域:\t\tUFC-6A0A0B1F76C
\n
\n\t登录 ID:\t\t(0x0,0x1C919)
\n
\n\t登录类型:\t3
\n
\n\t登录过程:\tNtLmSsp
\n
\n\t身份验证数据包:\tNTLM
\n
\n\t工作站名:\tJCIFS8_186_16
\n
\n\t登录 GUID:\t-
\n
\n\t调用方用户名:\t-
\n
\n\t调用方域:\t-
\n
\n\t调用方登录 ID:\t-
\n
\n\t调用方进程 ID: -
\n
\n\t传递服务: -
\n
\n\t源网络地址:\t192.168.4.254
\n
\n\t源端口:\t1863
\n
\n";
RecordNumber = 3995;
SourceName = "Security";
TimeGenerated = "20111125090113.000000+480";
TimeWritten = "20111125090113.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748750006";
};
******************************************==31==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 9;
CategoryString = "帐户登录";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 680;
EventIdentifier = 680;
EventType = 4;
InsertionStrings = {"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0", "administrator", "JCIFS8_186_16", "0x0"};
Logfile = "Security";
Message = "尝试登录的用户: \tMICROSOFT_AUTHENTICATION_PACKAGE_V1_0
\n
\n登录帐户: \tadministrator
\n
\n源工作站: \tJCIFS8_186_16
\n
\n错误代码: \t0x0
\n
\n";
RecordNumber = 3996;
SourceName = "Security";
TimeGenerated = "20111125090114.000000+480";
TimeWritten = "20111125090114.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748750007";
};
******************************************==32==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 576;
EventIdentifier = 576;
EventType = 4;
InsertionStrings = {"Administrator", "UFC-6A0A0B1F76C", "(0x0,0x1CE72)", "SeSecurityPrivilege
\n\t\t\tSeBackupPrivilege
\n\t\t\tSeRestorePrivilege
\n\t\t\tSeTakeOwnershipPrivilege
\n\t\t\tSeDebugPrivilege
\n\t\t\tSeSystemEnvironmentPrivilege
\n\t\t\tSeLoadDriverPrivilege
\n\t\t\tSeImpersonatePrivilege"};
Logfile = "Security";
Message = "指派给新登录的特殊权限:
\n
\n\t用户名:\tAdministrator
\n
\n\t域:\t\tUFC-6A0A0B1F76C
\n
\n\t登录 ID:\t\t(0x0,0x1CE72)
\n
\n\t特权:\tSeSecurityPrivilege
\n\t\t\tSeBackupPrivilege
\n\t\t\tSeRestorePrivilege
\n\t\t\tSeTakeOwnershipPrivilege
\n\t\t\tSeDebugPrivilege
\n\t\t\tSeSystemEnvironmentPrivilege
\n\t\t\tSeLoadDriverPrivilege
\n\t\t\tSeImpersonatePrivilege
\n";
RecordNumber = 3997;
SourceName = "Security";
TimeGenerated = "20111125090114.000000+480";
TimeWritten = "20111125090114.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748750008";
};
******************************************==33==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 540;
EventIdentifier = 540;
EventType = 4;
InsertionStrings = {"Administrator", "UFC-6A0A0B1F76C", "(0x0,0x1CE72)", "3", "NtLmSsp ", "NTLM", "JCIFS8_186_16", "-", "-", "-", "-", "-", "-", "192.168.4.254", "1864"};
Logfile = "Security";
Message = "成功的网络登录:
\n
\n\t用户名:\tAdministrator
\n
\n\t域:\t\tUFC-6A0A0B1F76C
\n
\n\t登录 ID:\t\t(0x0,0x1CE72)
\n
\n\t登录类型:\t3
\n
\n\t登录过程:\tNtLmSsp
\n
\n\t身份验证数据包:\tNTLM
\n
\n\t工作站名:\tJCIFS8_186_16
\n
\n\t登录 GUID:\t-
\n
\n\t调用方用户名:\t-
\n
\n\t调用方域:\t-
\n
\n\t调用方登录 ID:\t-
\n
\n\t调用方进程 ID: -
\n
\n\t传递服务: -
\n
\n\t源网络地址:\t192.168.4.254
\n
\n\t源端口:\t1864
\n
\n";
RecordNumber = 3998;
SourceName = "Security";
TimeGenerated = "20111125090114.000000+480";
TimeWritten = "20111125090114.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748750009";
};
******************************************==34==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 9;
CategoryString = "帐户登录";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 680;
EventIdentifier = 680;
EventType = 4;
InsertionStrings = {"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0", "administrator", "JCIFS8_186_16", "0x0"};
Logfile = "Security";
Message = "尝试登录的用户: \tMICROSOFT_AUTHENTICATION_PACKAGE_V1_0
\n
\n登录帐户: \tadministrator
\n
\n源工作站: \tJCIFS8_186_16
\n
\n错误代码: \t0x0
\n
\n";
RecordNumber = 3999;
SourceName = "Security";
TimeGenerated = "20111125090114.000000+480";
TimeWritten = "20111125090114.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748750010";
};
******************************************==35==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 576;
EventIdentifier = 576;
EventType = 4;
InsertionStrings = {"Administrator", "UFC-6A0A0B1F76C", "(0x0,0x1CE8B)", "SeSecurityPrivilege
\n\t\t\tSeBackupPrivilege
\n\t\t\tSeRestorePrivilege
\n\t\t\tSeTakeOwnershipPrivilege
\n\t\t\tSeDebugPrivilege
\n\t\t\tSeSystemEnvironmentPrivilege
\n\t\t\tSeLoadDriverPrivilege
\n\t\t\tSeImpersonatePrivilege"};
Logfile = "Security";
Message = "指派给新登录的特殊权限:
\n
\n\t用户名:\tAdministrator
\n
\n\t域:\t\tUFC-6A0A0B1F76C
\n
\n\t登录 ID:\t\t(0x0,0x1CE8B)
\n
\n\t特权:\tSeSecurityPrivilege
\n\t\t\tSeBackupPrivilege
\n\t\t\tSeRestorePrivilege
\n\t\t\tSeTakeOwnershipPrivilege
\n\t\t\tSeDebugPrivilege
\n\t\t\tSeSystemEnvironmentPrivilege
\n\t\t\tSeLoadDriverPrivilege
\n\t\t\tSeImpersonatePrivilege
\n";
RecordNumber = 4000;
SourceName = "Security";
TimeGenerated = "20111125090114.000000+480";
TimeWritten = "20111125090114.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748750011";
};
******************************************==36==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 540;
EventIdentifier = 540;
EventType = 4;
InsertionStrings = {"Administrator", "UFC-6A0A0B1F76C", "(0x0,0x1CE8B)", "3", "NtLmSsp ", "NTLM", "JCIFS8_186_16", "-", "-", "-", "-", "-", "-", "192.168.4.254", "1865"};
Logfile = "Security";
Message = "成功的网络登录:
\n
\n\t用户名:\tAdministrator
\n
\n\t域:\t\tUFC-6A0A0B1F76C
\n
\n\t登录 ID:\t\t(0x0,0x1CE8B)
\n
\n\t登录类型:\t3
\n
\n\t登录过程:\tNtLmSsp
\n
\n\t身份验证数据包:\tNTLM
\n
\n\t工作站名:\tJCIFS8_186_16
\n
\n\t登录 GUID:\t-
\n
\n\t调用方用户名:\t-
\n
\n\t调用方域:\t-
\n
\n\t调用方登录 ID:\t-
\n
\n\t调用方进程 ID: -
\n
\n\t传递服务: -
\n
\n\t源网络地址:\t192.168.4.254
\n
\n\t源端口:\t1865
\n
\n";
RecordNumber = 4001;
SourceName = "Security";
TimeGenerated = "20111125090114.000000+480";
TimeWritten = "20111125090114.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666564748750012";
};
******************************************==37==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 538;
EventIdentifier = 538;
EventType = 4;
InsertionStrings = {"Administrator", "UFC-6A0A0B1F76C", "(0x0,0x1A9BF)", "3"};
Logfile = "Security";
Message = "用户注销:
\n
\n\t用户名:\tAdministrator
\n
\n\t域:\t\tUFC-6A0A0B1F76C
\n
\n\t登录 ID:\t\t(0x0,0x1A9BF)
\n
\n\t登录类型:\t3
\n
\n";
RecordNumber = 4002;
SourceName = "Security";
TimeGenerated = "20111125090148.000000+480";
TimeWritten = "20111125090148.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666565081875000";
};
******************************************==38==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 84, 1, 0, 0, 96, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 64, 1, 12, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 97, 0, 110, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 99, 0, 101, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 99, 0, 101, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
Data = {94, 9, 0, 0, 95, 9, 0, 0, 84, 5, 0, 0};
EventCode = 1001;
EventIdentifier = 1073742825;
EventType = 3;
InsertionStrings = {"WmiApRpl", "WmiApRpl"};
Logfile = "Application";
Message = "已成功删除 WmiApRpl (WmiApRpl)服务的性能计数器。记录数据含有系统上一个计数器和上一个“帮助”注册表项的新数值。
\n";
RecordNumber = 155;
SourceName = "LoadPerf";
TimeGenerated = "20111125090331.000000+480";
TimeWritten = "20111125090331.000000+480";
Type = "信息";
};
TIME_CREATED = "129666566116718750";
};
******************************************==39==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 84, 1, 0, 0, 96, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 64, 1, 12, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 97, 0, 110, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 99, 0, 101, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 99, 0, 101, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 99, 0, 101, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
Data = {96, 9, 0, 0, 108, 9, 0, 0, 97, 9, 0, 0, 109, 9, 0, 0};
EventCode = 1000;
EventIdentifier = 1073742824;
EventType = 3;
InsertionStrings = {"WmiApRpl", "WmiApRpl"};
Logfile = "Application";
Message = "已成功加载 WmiApRpl (WmiApRpl)服务的性能计数器。记录数据含有分配给这个服务的新索引数值。
\n";
RecordNumber = 156;
SourceName = "LoadPerf";
TimeGenerated = "20111125090331.000000+480";
TimeWritten = "20111125090331.000000+480";
Type = "信息";
};
TIME_CREATED = "129666566169062500";
};
******************************************==40==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 9;
CategoryString = "帐户登录";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 680;
EventIdentifier = 680;
EventType = 4;
InsertionStrings = {"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0", "administrator", "JCIFS8_186_16", "0x0"};
Logfile = "Security";
Message = "尝试登录的用户: \tMICROSOFT_AUTHENTICATION_PACKAGE_V1_0
\n
\n登录帐户: \tadministrator
\n
\n源工作站: \tJCIFS8_186_16
\n
\n错误代码: \t0x0
\n
\n";
RecordNumber = 4003;
SourceName = "Security";
TimeGenerated = "20111125090510.000000+480";
TimeWritten = "20111125090510.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666567102656250";
};
******************************************==41==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 576;
EventIdentifier = 576;
EventType = 4;
InsertionStrings = {"Administrator", "UFC-6A0A0B1F76C", "(0x0,0x1F28E)", "SeSecurityPrivilege
\n\t\t\tSeBackupPrivilege
\n\t\t\tSeRestorePrivilege
\n\t\t\tSeTakeOwnershipPrivilege
\n\t\t\tSeDebugPrivilege
\n\t\t\tSeSystemEnvironmentPrivilege
\n\t\t\tSeLoadDriverPrivilege
\n\t\t\tSeImpersonatePrivilege"};
Logfile = "Security";
Message = "指派给新登录的特殊权限:
\n
\n\t用户名:\tAdministrator
\n
\n\t域:\t\tUFC-6A0A0B1F76C
\n
\n\t登录 ID:\t\t(0x0,0x1F28E)
\n
\n\t特权:\tSeSecurityPrivilege
\n\t\t\tSeBackupPrivilege
\n\t\t\tSeRestorePrivilege
\n\t\t\tSeTakeOwnershipPrivilege
\n\t\t\tSeDebugPrivilege
\n\t\t\tSeSystemEnvironmentPrivilege
\n\t\t\tSeLoadDriverPrivilege
\n\t\t\tSeImpersonatePrivilege
\n";
RecordNumber = 4004;
SourceName = "Security";
TimeGenerated = "20111125090510.000000+480";
TimeWritten = "20111125090510.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666567102656251";
};
******************************************==42==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 108, 0, 0, 0, 120, 0, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 88, 0, 3, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 2;
CategoryString = "登录/注销";
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 540;
EventIdentifier = 540;
EventType = 4;
InsertionStrings = {"Administrator", "UFC-6A0A0B1F76C", "(0x0,0x1F28E)", "3", "NtLmSsp ", "NTLM", "JCIFS8_186_16", "-", "-", "-", "-", "-", "-", "192.168.4.254", "1900"};
Logfile = "Security";
Message = "成功的网络登录:
\n
\n\t用户名:\tAdministrator
\n
\n\t域:\t\tUFC-6A0A0B1F76C
\n
\n\t登录 ID:\t\t(0x0,0x1F28E)
\n
\n\t登录类型:\t3
\n
\n\t登录过程:\tNtLmSsp
\n
\n\t身份验证数据包:\tNTLM
\n
\n\t工作站名:\tJCIFS8_186_16
\n
\n\t登录 GUID:\t-
\n
\n\t调用方用户名:\t-
\n
\n\t调用方域:\t-
\n
\n\t调用方登录 ID:\t-
\n
\n\t调用方进程 ID: -
\n
\n\t传递服务: -
\n
\n\t源网络地址:\t192.168.4.254
\n
\n\t源端口:\t1900
\n
\n";
RecordNumber = 4005;
SourceName = "Security";
TimeGenerated = "20111125090510.000000+480";
TimeWritten = "20111125090510.000000+480";
Type = "审核成功";
User = "UFC-6A0A0B1F76C\\Administrator";
};
TIME_CREATED = "129666567102656252";
};
******************************************==43==****************************
instance of __InstanceCreationEvent
{
SECURITY_DESCRIPTOR = {1, 0, 4, 128, 32, 1, 0, 0, 44, 1, 0, 0, 0, 0, 0, 0, 20, 0, 0, 0, 2, 0, 12, 1, 10, 0, 0, 0, 1, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 7, 0, 0, 0, 0, 0, 0, 0, 1, 0, 28, 0, 95, 0, 15, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 34, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 95, 0, 15, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 34, 2, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 39, 2, 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 69, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 37, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 65, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 37, 2, 0, 0, 0, 0, 28, 0, 66, 0, 0, 0, 1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 19, 0, 0, 0, 32, 2, 0, 0, 0, 0, 24, 0, 66, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 20, 0, 0, 0, 32, 2, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0};
TargetInstance =
instance of Win32_NTLogEvent
{
Category = 0;
ComputerName = "UFC-6A0A0B1F76C";
EventCode = 17;
EventIdentifier = 2186936337;
EventType = 1;
InsertionStrings = {"time.windows.com,0x1", "套接字操作尝试一个无法连接的主机。 (0x80072751)", "30"};
Logfile = "System";
Message = "时间提供程序 NtpClient: 在 DNS 查询手动配置的对等机器 'time.windows.com,0x1' 时发生一个错误。
\nNtpClient 将在 30 分钟内重试 NDS 查询。
\n错误为: 套接字操作尝试一个无法连接的主机。 (0x80072751)
\n";
RecordNumber = 662;
SourceName = "W32Time";
TimeGenerated = "20111125091430.000000+480";
TimeWritten = "20111125091430.000000+480";
Type = "错误";
};
TIME_CREATED = "129666572702812500";
};
-------------------------
三类日志（Application、Security、System）的事件信息都输出了，可根据每条记录的 Logfile 字段区分，例如 Logfile = "System";。
- EventLogListener.zip (857.9 KB)