Hi All!
i've been trying to tackle this article I found for extracting Windows Event Viewer logs:
https://knowledge.broadcom.com/external/article?legacyId=HOWTO124451I wish to extract only specific attributes from event ID# 4624 (remote logon) - this will be able to grant me the RDP info I require.
question is, since my VB Scripting is a bit slow, how the heck do I edit the Custom Data Inventory to successfully extract it?:
created the Data Class (not sure how many Attributes to create if i wish to extract these details:
TimeCreated SystemTime
TargetUserName
TargetDomainName
WorkstationName
FromIpAddress
FromIpPort
TimeGenerated
any chance any one could help me edit the instance from the website and send me result ?
i got confused when trying to understand if i am able to gather an info for a specific attribute from an event #, or can i only extract the entire event ID? (and how to achieve that)?
Thanks,
Hagai
Original Message:
Sent: 07-22-2021 08:42 AM
From: Igor Perevozchikov
Subject: RDP / VNC report
ITMS doesn't have such information from which IP someone logged in on this client PC remotely.
For such purposes I think better to use custom inventory data class and find correct script to execute it via "Run Script" task on client computers to populate such information. For example
tasklist /s computername /fi "imagename eq explorer.exe" /v
Symantec Management Agent sends events to ITMS database about logged in/off account name and this information is stored in "Evt_AeX_Client_LogOn" sql table
Thanks,
IP.
------------------------------
Software QA Engineer
Broadcom Inc.
Original Message:
Sent: 07-22-2021 05:58 AM
From: Hagai Nachmani
Subject: RDP / VNC report
Hi Experts,
is there such a report / query / table that provides info about remoting into or from a target?
(e.g: i would like to know from which IP / hostnames someone remoted in a windows station).
tnx,
Hagai