how to note down files modify or remove action? "C.K" <mmjian[ at ]tom.com> 4/19/2007 2:22:02 AM How to note down when ActiveDirectory user Create/Modify/Remove file on server by WScript now i use Auditing Policy to do the same thing,but i hope do that by wscript and write the log to database. please excuse me i am not good at english,hope can understand what i meaning.

RE: how to note down files modify or remove action? Jeremy 4/20/2007 11:22:00 AM Try looking into logparser, it can read the events out of your event log and write them to a SQL database. It is very powerful. http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.mspx "C.K" wrote: [Quoted Text] > How to note down when ActiveDirectory user Create/Modify/Remove file on > server by WScript > now i use Auditing Policy to do the same thing,but i hope do that by wscript > and write the log to database. > > please excuse me i am not good at english,hope can understand what i > meaning. > > >

Re: how to note down files modify or remove action? "C.K" <mmjian[ at ]tom.com> 4/23/2007 12:35:47 AM thank you,Jeremy but it is not real-time to get the event can i use some script like Object.NextEvent and write them to database real-time?

Re: how to note down files modify or remove action? Jeremy 4/23/2007 12:48:00 AM So are you going to have your script looping and constantly watching the event log? It sounds like you are trying to have some sort of event driven script that waits for certain types of events and then when it sees one of interest it writes it to a database? Is this correct? "C.K" wrote: [Quoted Text] > thank you,Jeremy > but it is not real-time to get the event > can i use some script like Object.NextEvent and write them to database > real-time? > > >

Re: how to note down files modify or remove action? "C.K" <mmjian[ at ]tom.com> 4/23/2007 3:23:53 AM Can i just monitor about File Modify/Delete Action?not all Event Log. I have another script to monitor Print Log by Object.NextEvent not monitor Event-Log,just monitor Win32_PrintJob and I found some interest script from Script Center,here is the URL http://www.microsoft.com/china/technet/community/scriptcenter/filefolder/scr ff46.mspx that can get the event when file was Created/Modified/Deleted but just for one folder or file I am going to find some way let it working as Win32_PrintJob when the event happened,return [who,when,targetName,...] excuse me such awful english.

Re: how to note down files modify or remove action? Jeremy 4/23/2007 5:12:01 AM Well what you are describing is that you want something that is Event Driven. That is that the logging of the action (Create, Modify, Delete etc) triggers the data you want to capture. Windows has this ability built into the Event Log. Say you wanted to write a script that monitored a files system, you'd either have to write something that was extremely low level (i.e. hooked into MTFS itself) or you'd have to have a script that monitor hundreds, or thousands or more of objects all them taking up valuable resources. So since Windows has a built-in way of capturing the data you want, then why not just use it. It is unfortunate that the windows Security log is so poor becuase you could just use it. unfortunately it is quite hard to manage. There are lots of 3rd party apps with agents that can do exactly what you want. I think one of the good ones is called SNARE. It might be best if you look into this. Cheers, Jeremy. "C.K" wrote: [Quoted Text] > Can i just monitor about File Modify/Delete Action?not all Event Log. > > I have another script to monitor Print Log by Object.NextEvent > not monitor Event-Log,just monitor Win32_PrintJob > and I found some interest script from Script Center,here is the URL > http://www.microsoft.com/china/technet/community/scriptcenter/filefolder/scr > ff46.mspx > that can get the event when file was Created/Modified/Deleted > but just for one folder or file > > I am going to find some way let it working as Win32_PrintJob > when the event happened,return [who,when,targetName,...] > > excuse me such awful english. > > >