check_winevent

Stoke

I am testing check_winevent.exe on Windows 8 and want to run a check on the Security log for Audit Success.

I can see events in the Security log, but the command returns 0.

check_winevent.exe --log Security --type "audit success" --window "10 hours" -v -v -v
Event log(s): Security
Event code(s): all
Event type(s): audit success
Event sources: all
Time window: 36000 seconds, timestamp: 20130227010056.000000+000
WQL string generated for Security: select * from Win32_NTLogEvent where Logfile=
'Security' And (TimeGenerated > '20130227010056.000000+000') And (Type='audit su
ccess' )
Records selected:
Eventlog Security - 0 selected events
Total number of events selected: 0
EVENT OK - 0 events|events=0;;;

If I run the command without options, I see it does not list a Security event log. Am I missing something here?

check_winevent.exe -v -v -v
Event log(s): System, HP Software Framework, Key Management Service, Windows Pow
erShell, HardwareEvents, Internet Explorer, Application, HP HotKey Support

 

itefix
You need to run the plugin as administrator. I get the following if I do so:

 

C:\....>check_winevent -v
Event log(s): System, Security, HP Software Framework, Key Management Service, W
indows PowerShell, HardwareEvents, Hewlett-Packard, Media Center, Internet Explo
rer, OAlerts, Application, HP Wireless Assistant
Event code(s): all
Event type(s): all
Event sources: all
Time window: 3600 seconds, timestamp: 20130227105632.000000+000
Eventlog System - 20 selected events
Eventlog Security - 7 selected events
Eventlog HP Software Framework - 0 selected events
Eventlog Key Management Service - 0 selected events
Eventlog Windows PowerShell - 0 selected events
Eventlog HardwareEvents - 0 selected events
Eventlog Hewlett-Packard - 0 selected events
Eventlog Media Center - 0 selected events
Eventlog Internet Explorer - 0 selected events
Eventlog OAlerts - 0 selected events
Eventlog Application - 8 selected events
Eventlog HP Wireless Assistant - 0 selected events
Total number of events selected: 35
EVENT OK - 35 events|events=35;;;
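
The failure mode in this thread is that an unelevated run does not error out: the Security log is simply not visible and the plugin reports `EVENT OK - 0 events`. The wrapper below is an added example, not part of the original posts or of the plugin; it refuses to report a count unless the process token is elevated. The plugin path and the use of exit code 3 for an "unknown" state (the usual monitoring-plugin convention) are assumptions.

```powershell
# Added example: guard around check_winevent.exe so an unelevated run
# cannot silently report "0 events" for the Security log.
param(
    # Hypothetical install path; adjust to where the plugin actually lives.
    [string]$Plugin = 'C:\plugins\check_winevent.exe',
    # Same options as the command shown in the question.
    [string[]]$PluginArgs = @('--log', 'Security',
                              '--type', 'audit success',
                              '--window', '10 hours')
)

function Test-Elevated {
    # True only when the current token carries the Administrators group
    # in enabled form, i.e. the process was started elevated. An admin
    # account running without elevation (UAC) returns False here.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-Elevated)) {
    # Assumed convention: exit code 3 = UNKNOWN, so the monitoring side
    # sees a broken check instead of a healthy-looking zero.
    Write-Output 'EVENT UNKNOWN - not elevated; Security log not readable'
    exit 3
}

if (-not (Test-Path -LiteralPath $Plugin)) {
    Write-Output "EVENT UNKNOWN - plugin not found at $Plugin"
    exit 3
}

# Run the plugin and pass its own status line and exit code through.
& $Plugin @PluginArgs
exit $LASTEXITCODE
```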

Stoke
Thank you for a quick response. That worked like a dream and makes complete sense as to where I was going wrong.