aardio 文档
aardio 范例:查询系统日志
//查询系统日志
import console.int;
import com.wmi;
import sys.acl;
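// Resolve the account named in a Winlogon 7001/7002 record.
// The SID is looked up among the event's insertion strings (first entry starting with "S-").
// Falls back to the raw SID string when it cannot be mapped to an account name
// (presumably the case for deleted or unreachable domain accounts; verify against sys.acl),
// and to a placeholder when the record carries no SID at all.
var winlogonUser = function(event){
	var strings = event.InsertionStrings;
	if( !strings ) return "(unknown)";
	
	var idx,sid = table.find(strings,lambda(v) string.startWith(v,"S-"));
	if( !sid ) return "(unknown)";
	
	var userName = sys.acl.sidStringToUserName(sid);
	if( !userName ) return sid;
	
	return userName;
}

// Walk the System log for user logon/logoff notifications (7001/7002 from Winlogon)
// and Event Log service start/stop records (6005/6006 from EventLog).
// NOTE(review): the query has no TimeWritten bound, so it reads the whole System log;
// add one if only a recent window is needed.
// NOTE(review): these System-log records are convenience markers. For an authoritative
// logon audit trail use the Security log (e.g. events 4624/4634), which needs elevated rights to read.
for event in com.wmi.eachProperties(`SELECT * FROM Win32_NTLogEvent WHERE
Logfile = "System" AND ( EventCode=7001 OR EventCode=7002 OR EventCode=6005 OR EventCode=6006 )` ) {
	/*
	Uncomment to inspect every field of a record while debugging:
	console.log( "Category: ", event.Category);
	console.log( "Computer Name: ", event.ComputerName);
	console.log( "Event Code: ", event.EventCode);
	console.log( "Message: ", event.Message);
	console.log( "Record Number: ", event.RecordNumber);
	console.log( "Source Name: ", event.SourceName);
	console.log( "Event Type: ", event.Type);
	console.log( "User: ", event.User);
	console.dumpTable(event)
	*/
	
	// TimeWritten is parsed as UTC and converted to local time for display.
	var tm = time.utc( event.TimeWritten ).local();
	
	// The event code alone is not enough: other sources reuse 7001/7002,
	// so the source name is checked as well.
	if(event.EventCode==7001 && event.SourceName=="Microsoft-Windows-Winlogon"){
		// Pass the name as a separate argument: concatenating with + fails if the lookup returned null.
		console.log(tm,winlogonUser(event)," 登录成功")
	}
	elseif(event.EventCode==7002 && event.SourceName=="Microsoft-Windows-Winlogon"){
		console.log(tm,winlogonUser(event)," 已注销" )
	}
	elseif(event.SourceName=="EventLog") {
		console.log(tm,event.Message,event.SourceName,event.EventCode)
		
		// Pause the console output after each 6005 record.
		if(event.EventCode == 6005) console.more(1)
	}
}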