本篇文章给大家分享的是有关 java 中怎么访问 windows 安全日志，小编觉得挺实用的，因此分享给大家学习，希望大家阅读完这篇文章后可以有所收获。注意：示例通过 WMI/DCOM 远程读取 Security 日志，所用账号必须在目标主机上具有读取安全日志的权限（通常是本地管理员或 Event Log Readers 组成员），因此代码中的 user/password 属于高权限凭据，不要写入日志或硬编码在源码里。
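/**
 * Reads recent entries from the Windows Security event log of a remote host over
 * WMI (DCOM via j-Interop) and hands the MOF text of each matching event to
 * {@code query(String)}.
 *
 * <p>Only events with EventCode 4769 and EventType 4 (audit success) written during
 * the last hour are fetched. The WQL string is built solely from values generated
 * inside this class, never from caller input, so there is no WQL-injection path here.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Reading the Security log over WMI needs a privileged account (local admin or
 *       "Event Log Readers"); {@code user}/{@code password} are therefore high-value
 *       credentials and are deliberately never logged by this method.</li>
 *   <li>{@code useSessionSecurity(true)} keeps j-Interop's session security on for the
 *       DCOM traffic; do not switch it off to "fix" connection problems.</li>
 *   <li>{@code setAutoRegistration(true)} lets j-Interop register the ProgId on the
 *       target when it is missing; that presumably writes to the remote registry and
 *       needs admin rights — consider disabling it once the target is known good.</li>
 *   <li>The DCOM session is always destroyed in {@code finally}; the original leaked
 *       it (and its COM references) on every call.</li>
 * </ul>
 *
 * @param ip       address of the Windows host whose log is read
 * @param user     account used for the DCOM/WMI connection
 * @param space    WMI namespace passed to {@code ConnectServer}, or {@code null} for the default
 * @param password password for {@code user}
 * @param domain   Windows domain of {@code user}
 */
public void queryWindowsData(String ip, String user, String space, String password, String domain) {
    JISession dcomSession = null;
    try {
        // Authenticated DCOM session to the remote host.
        dcomSession = JISession.createSession(domain, user, password);
        dcomSession.useSessionSecurity(true);

        JIProgId progId = JIProgId.valueOf("WbemScripting.SWbemLocator");
        progId.setAutoRegistration(true);
        JIComServer comServer = new JIComServer(progId, ip, dcomSession);
        IJIDispatch wbemLocator = (IJIDispatch) JIObjectFactory.narrowObject(
                comServer.createInstance().queryInterface(IJIDispatch.IID));

        // SWbemLocator.ConnectServer(strServer, strNamespace, strUser, strPassword,
        //   strLocale, strAuthority, iSecurityFlags, objWbemNamedValueSet).
        // Only the namespace is supplied; the session already carries the credentials.
        JIVariant[] results = wbemLocator.callMethodA("ConnectServer", new Object[]{
                JIVariant.OPTIONAL_PARAM(),
                (space == null) ? JIVariant.OPTIONAL_PARAM() : new JIString(space),
                JIVariant.OPTIONAL_PARAM(), JIVariant.OPTIONAL_PARAM(),
                JIVariant.OPTIONAL_PARAM(), JIVariant.OPTIONAL_PARAM(),
                0,
                JIVariant.OPTIONAL_PARAM()
        });
        IJIDispatch wbemServices = (IJIDispatch) JIObjectFactory.narrowObject(
                results[0].getObjectAsComObject());

        String wql = buildSecurityLogQuery(lookbackStartUtc());
        results = wbemServices.callMethodA("ExecQuery", new Object[]{
                new JIString(wql), JIVariant.OPTIONAL_PARAM(),
                JIVariant.OPTIONAL_PARAM(), JIVariant.OPTIONAL_PARAM()});

        IJIDispatch eventSet = (IJIDispatch) JIObjectFactory.narrowObject(
                results[0].getObjectAsComObject());
        int count = eventSet.get("Count").getObjectAsInt();
        IJIComObject enumComObject = eventSet.get("_NewEnum").getObjectAsComObject();
        IJIEnumVariant events = (IJIEnumVariant) JIObjectFactory.narrowObject(
                enumComObject.queryInterface(IJIEnumVariant.IID));

        for (int i = 0; i < count; i++) {
            Object[] batch = events.next(1);
            Object[] items = (Object[]) ((JIArray) batch[0]).getArrayInstance();
            // next(1) normally yields exactly one element; process every element
            // instead of dereferencing a possibly-null "last seen" reference.
            for (Object item : items) {
                IJIDispatch event = (IJIDispatch) JIObjectFactory.narrowObject(
                        ((JIVariant) item).getObjectAsComObject());
                // Flag 1 kept from the original (presumably wbemTextFlagNoFlavors) — confirm.
                String mof = event.callMethodA("GetObjectText_", new Object[]{1})[0]
                        .getObjectAsString2();
                query(mof);
            }
        }
    } catch (Exception e) {
        // Best-effort as in the original; replace with a logger when one is available.
        // Never include the credentials in whatever is logged here.
        e.printStackTrace();
    } finally {
        if (dcomSession != null) {
            try {
                // Releases the DCOM session and the COM references it holds.
                JISession.destroySession(dcomSession);
            } catch (JIException e) {
                e.printStackTrace();
            }
        }
    }
}

/**
 * Start of the one-hour look-back window, formatted in UTC as {@code yyyy-MM-dd HH:mm:ss}.
 *
 * <p>The original code subtracted a hard-coded 8 hours to turn China Standard Time into
 * UTC, plus one hour for the window. Formatting in UTC directly yields the same string
 * on a UTC+8 host and stays correct on hosts in other time zones.
 * NOTE(review): this assumes the target's WQL parser treats the literal as UTC, as the
 * original offset implied — confirm against a host in another zone.
 */
private static String lookbackStartUtc() {
    java.util.TimeZone utc = java.util.TimeZone.getTimeZone("UTC");
    SimpleDateFormat fmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
    fmt.setTimeZone(utc);
    Calendar since = Calendar.getInstance(utc);
    since.add(Calendar.HOUR_OF_DAY, -1);
    return fmt.format(since.getTime());
}

/**
 * Builds the WQL for the events of interest.
 *
 * <p>{@code since} is generated by this class, never by a caller, so concatenating it
 * is not an injection risk; keep it that way if the filter is ever parameterised
 * (escape single quotes or validate the format before concatenating).
 *
 * @param since lower bound for {@code TimeWritten}, as produced by {@link #lookbackStartUtc()}
 * @return the WQL statement
 */
private static String buildSecurityLogQuery(String since) {
    // EventCode 4769 = "A Kerberos service ticket was requested" (audit success = EventType 4).
    // NOTE(review): the original comment described 4769 as a domain logon; an actual
    // logon is 4624 — confirm which event the caller wants.
    // The original literal had a stray leading space ("' 2019-…") that is dropped here.
    return "Select * from Win32_NTLogEvent Where Logfile = 'Security' and "
            + "EventCode = '4769' and EventType = 4 and TimeWritten > '" + since + "'";
}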
以上就是java 中怎么访问windows安全日志,小编相信有部分知识点可能是我们日常工作会见到或用到的。希望你能通过这篇文章学到更多知识。更多详情敬请关注亿速云行业资讯频道。
原文链接:https://my.oschina.net/u/3314931/blog/3085786