
java 中怎么访问windows安全日志

发表于:2024-11-24 作者:千家信息网编辑

本篇文章给大家分享的是有关java 中怎么访问windows安全日志,小编觉得挺实用的,因此分享给大家学习,希望大家阅读完这篇文章后可以有所收获,话不多说,跟着小编一起来看看吧。

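/**
 * Reads the Windows Security event log of a remote host through DCOM/WMI
 * (j-Interop) and passes the text of every matching event to {@code query(String)}.
 *
 * <p>The WQL filter selects {@code Win32_NTLogEvent} rows of the {@code Security}
 * log with {@code EventCode} 4769 and {@code EventType} 4 written within roughly the
 * last hour (UTC).
 *
 * @param ip       host to connect to
 * @param user     account used for the DCOM session
 * @param space    WMI namespace passed to {@code ConnectServer}; {@code null} uses the default
 * @param password password for {@code user}
 * @param domain   domain of {@code user}
 */
public void queryWindowsData(String ip, String user, String space, String password, String domain) {
    JISession dcomSession = null;
    try {
        // Authenticated DCOM session; session security keeps packet integrity/privacy on.
        dcomSession = JISession.createSession(domain, user, password);
        dcomSession.useSessionSecurity(true);

        JIProgId progId = JIProgId.valueOf("WbemScripting.SWbemLocator");
        progId.setAutoRegistration(true);
        JIComServer comServer = new JIComServer(progId, ip, dcomSession);
        IJIDispatch wbemLocator = (IJIDispatch) JIObjectFactory.narrowObject(
                comServer.createInstance().queryInterface(IJIDispatch.IID));

        // SWbemLocator.ConnectServer: only the namespace is supplied, every other argument is optional.
        JIVariant[] results = wbemLocator.callMethodA("ConnectServer", new Object[]{
                JIVariant.OPTIONAL_PARAM(),
                (space == null) ? JIVariant.OPTIONAL_PARAM() : new JIString(space),
                JIVariant.OPTIONAL_PARAM(), JIVariant.OPTIONAL_PARAM(),
                JIVariant.OPTIONAL_PARAM(),
                JIVariant.OPTIONAL_PARAM(),
                0,
                JIVariant.OPTIONAL_PARAM()
        });
        IJIDispatch wbemServices = (IJIDispatch) JIObjectFactory.narrowObject(
                results[0].getObjectAsComObject());

        // Lower bound for TimeWritten: one hour ago, in UTC. The original subtracted a
        // hard-coded 9 hours from local time (8 h for a UTC+8 host plus the 1 h window),
        // which was only correct on UTC+8 machines; java.time states the intent directly.
        String dateString = java.time.ZonedDateTime.now(java.time.ZoneOffset.UTC)
                .minusHours(1)
                .format(java.time.format.DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss"));

        // WQL filter. EventCode 4769 is, per the original comment, the event for users logging
        // on through a domain account ("A Kerberos service ticket was requested");
        // EventType 4 is a success audit. The date is generated locally, so building the
        // query by concatenation is not an injection path here.
        // NOTE(review): the literal keeps a leading space inside the quotes ("' " + date) exactly
        // as the original did — confirm WMI tolerates it before relying on the time filter.
        String wql = "Select * from Win32_NTLogEvent Where Logfile = 'Security' and "
                + "EventCode = '4769' and EventType = 4 and TimeWritten >' " + dateString + "'";

        results = wbemServices.callMethodA("ExecQuery", new Object[]{
                new JIString(wql), JIVariant.OPTIONAL_PARAM(),
                JIVariant.OPTIONAL_PARAM(), JIVariant.OPTIONAL_PARAM()});
        IJIDispatch eventSet = (IJIDispatch) JIObjectFactory.narrowObject(
                results[0].getObjectAsComObject());

        int count = eventSet.get("Count").getObjectAsInt();
        IJIComObject enumComObject = eventSet.get("_NewEnum").getObjectAsComObject();
        IJIEnumVariant enumVariant = (IJIEnumVariant) JIObjectFactory.narrowObject(
                enumComObject.queryInterface(IJIEnumVariant.IID));

        for (int c = 0; c < count; c++) {
            // next(1) returns one SAFEARRAY; the original only ever used its last element.
            Object[] values = enumVariant.next(1);
            Object[] arrayObj = (Object[]) ((JIArray) values[0]).getArrayInstance();
            IJIDispatch event = null;
            for (Object element : arrayObj) {
                event = (IJIDispatch) JIObjectFactory.narrowObject(
                        ((JIVariant) element).getObjectAsComObject());
            }
            if (event == null) {
                continue; // empty batch: the original dereferenced null here
            }
            // GetObjectText_ yields the textual (MOF-style) rendering of the event.
            String str = event.callMethodA("GetObjectText_", new Object[]{1})[0].getObjectAsString2();
            query(str);
        }
    } catch (Exception e) {
        // Best-effort behaviour kept from the original: report and return without throwing.
        e.printStackTrace();
    } finally {
        // The original never released the DCOM session, leaking it on every call.
        if (dcomSession != null) {
            try {
                JISession.destroySession(dcomSession);
            } catch (JIException ignored) {
                // teardown failure is not actionable for the caller; the query already ran
            }
        }
    }
}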

以上就是java 中怎么访问windows安全日志,小编相信有部分知识点可能是我们日常工作会见到或用到的。希望你能通过这篇文章学到更多知识。更多详情敬请关注行业资讯频道。
