Board logo

标题: 求VBS代码精简:查询指定天数之前的用户登陆记录 [打印本页]

作者: BatCoder    时间: 2009-6-6 14:31     标题: 求VBS代码精简:查询指定天数之前的用户登陆记录

我在组策略里面启用了用户登陆审核策略,写了以下代码来查询指定天数之前的用户登陆记录。等号中间那段转换日期时间格式的代码总感觉有些臃肿,请问应该如何简化代码以提供执行效率呢?
  1. Option Explicit
  2. Dim intIntervalDay, strLoginLog, strComputer, colLoggedEvents, objEvent
  3. Dim objShell, objFSO, objSWbemDateTime, objDstFile, objWMIService
  4. intIntervalDay=7 'How many days ago
  5. strLoginLog="C:\test\LoginList.log" 'Where to record the log
  6. Set objShell = CreateObject("WScript.Shell")
  7. Set objFSO = CreateObject("Scripting.FileSystemObject")
  8. Set objSWbemDateTime = CreateObject("WbemScripting.SWbemDateTime")
  9. Set objDstFile = objFSO.OpenTextFile(strLoginLog,8,True)
  10. strComputer = "."
  11. Set objWMIService = GetObject("winmgmts:" _
  12. & "{impersonationLevel=impersonate, (Security)}!\\" & strComputer & "\root\cimv2")
  13. Set colLoggedEvents = objWMIService.ExecQuery _
  14. ("Select * from Win32_NTLogEvent Where Logfile = 'Security' and EventCode = '528'")
  15. For Each objEvent in colLoggedEvents
  16. Dim dtmLocalTime, dtmEventTime, intDiffDay
  17. ' Wscript.Echo "Time Written: " & objEvent.TimeWritten
  18. ' Wscript.Echo "Computer Name: " & objEvent.ComputerName
  19. ' Wscript.Echo "Event Code: " & objEvent.EventCode
  20. ' Wscript.Echo "User: " & objEvent.User
  21. ' Wscript.Echo "Category: " & objEvent.Category
  22. ' Wscript.Echo "Message: " & objEvent.Message
  23. ' Wscript.Echo "Record Number: " & objEvent.RecordNumber
  24. ' Wscript.Echo "Source Name: " & objEvent.SourceName
  25. ' Wscript.Echo "Event Type: " & objEvent.Type
  26. ' =================================================
  27. objSWbemDateTime.Value = objEvent.TimeWritten
  28. dtmLocalTime = objSWbemDateTime.GetVarDate(true)
  29. dtmEventTime = CDate(dtmLocalTime)
  30. intDiffDay = DateDiff("d", dtmEventTime, Now)
  31. ' =================================================
  32. If (intDiffDay <= intIntervalDay) Then
  33. If (objEvent.User <> "NT AUTHORITY\NETWORK SERVICE") Then
  34. If (objEvent.User <> "NT AUTHORITY\LOCAL SERVICE") Then
  35. objDstFile.WriteLine objEvent.TimeWritten _
  36. & " " & objEvent.ComputerName _
  37. & " " & objEvent.EventCode _
  38. & " " & objEvent.User
  39. End If
  40. End If
  41. End If
  42. Next
  43. objDstFile.Close
  44. objShell.Run "notepad " & strLoginLog
复制代码





欢迎光临 批处理之家 (http://bathome.net./) Powered by Discuz! 7.2