def create_session(self):
    """Open the event-log session this object uses and store it on ``self._session``.

    The login description comes from ``self.get_session_struct()``.  When that
    returns None no remote connection is needed and the method does nothing.
    Otherwise ``win32evtlog.EvtOpenSession`` is called with the RPC login class;
    the two trailing zeros are the reserved Timeout/Flags arguments, which the
    API requires to be 0:
    https://docs.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtopensession
    http://timgolden.me.uk/pywin32-docs/win32evtlog__EvtOpenSession_meth.html
    """
    login = self.get_session_struct()
    if login is not None:
        self._session = win32evtlog.EvtOpenSession(
            login, win32evtlog.EvtRpcLogin, 0, 0
        )
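def _open_remote_session_if_necessary(self, server, config):
    """
    Opens a session to a remote server if `server` is not localhost or None
    @param server: string containing the server to connect to (can be None)
    @param config: a log config object; read with ``config.get`` for the keys
        ``remote_user``, ``remote_password`` and ``remote_domain``
    @return: a valid session to a remote machine, or None if no remote session was needed
    @raise Exception: if EvtOpenSession yields no session; the message carries the
        Win32 error text and is also written to the logger at warn level
    """
    # NOTE: this comparison is exact. Values such as "LOCALHOST" or
    # "127.0.0.1" do not match and would trigger a remote login with the
    # configured credentials.
    if server is None or server == "localhost":
        return None

    username = config.get("remote_user")
    password = config.get("remote_password")
    domain = config.get("remote_domain")
    flags = win32evtlog.EvtRpcLoginAuthDefault

    # EVT_RPC_LOGIN is passed to pywin32 as a plain tuple in this field order.
    login = (server, username, domain, password, flags)

    # The password is deliberately not included in the log line.
    self._logger.log(
        scalyr_logging.DEBUG_LEVEL_1,
        "Performing remote login: server - %s, user - %s, domain - %s"
        % (server, username, domain),
    )
    session = win32evtlog.EvtOpenSession(login, win32evtlog.EvtRpcLogin, 0, 0)
    if session is None:
        # NOTE(review): pywin32 wrappers generally raise pywintypes.error on a
        # failed Win32 call instead of returning None; confirm this branch is
        # reachable. 0 tells FormatMessage to use GetLastError() for the code.
        error_message = win32api.FormatMessage(0)
        # Build the message once so the log entry and the exception agree.
        message = "Error connecting to remote server %s, as %s - %s" % (
            server,
            username,
            error_message,
        )
        self._logger.warn(message)
        raise Exception(message)
    return session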
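import win32event
import win32evtlog

# These values are placeholders.  Do not commit real credentials to this
# file; supply the account password from an environment variable or a
# secret store at run time instead.
ADIP = '10.0.0.x'  # IP address of your domain controller
ADusername = ''  # Name of the account you will use to connect to AD
ADdomain = ''  # Domain (domain.local / domain.com)
ADuserpass = ''  # Password for the above user
eventIDs = [5379]  # List of EventIDs to watch for
eventlog = 'security'  # Which log to watch (security, application, setup, system, etc.)

# EVT_RPC_LOGIN as a tuple: (server, user, domain, password, flags).
evtSessionCredentials = (
    ADIP,
    ADusername,
    ADdomain,
    ADuserpass,
    win32evtlog.EvtRpcLoginAuthDefault,
)
# Opened at import time.  The trailing zeros are the reserved Timeout and
# Flags arguments, which the API requires to be 0.
evtSession = win32evtlog.EvtOpenSession(
    evtSessionCredentials, win32evtlog.EvtRpcLogin, 0, 0
)

# The XPath-styled query to tell the domain controller which events to return.
# int() ensures only integer IDs reach the query text, and both '[' predicates
# are closed so the expression is well-formed XPath.
XPathQuery = "*[System[({})]]".format(
    ' or '.join("EventID={}".format(int(x)) for x in eventIDs)
)


def eventTriggered(evt1, evt2, evt3):
    """Callback handed to EvtSubscribe; called once per matching event.

    evt1: int specifying why the function was called
    evt2: context object (5th parameter in EvtSubscribe)
    evt3: event content, rendered below as XML via EvtRender
    """
    print("Triggered")
    print(evt1)
    print(evt2)
    print(win32evtlog.EvtRender(evt3, win32evtlog.EvtRenderEventXml))
    # Signal whoever is waiting on the module-level event handle below.
    win32event.PulseEvent(evtHandle)


evtHandle = win32event.CreateEvent(None, 0, 0, None)
x = win32evtlog.EvtSubscribe(eventlog, win32evtlog.EvtSubscribeToFutureEvents,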