OK , let's explain the case
My goal is to read the event log of the remote windows machine. I have experienced the wmi library, the wmi problem is that I have to create parsers, I have not found any code. On the remote machine I have no authentication problems as I connect to the local network. the only question now is how i have to do? before call hand = win32evtlog.OpenEventLog (server, logtype) maybe i have to create an authentication contex? i'am not skilled in that. Ruggero Paolo Basile Cellulare: 3403216393 Mail: ruggeropaolo.bas...@ora-0.it<mailto:gabriele.salt...@ora-0.it> Privacy Policy<https://ora-0.it/privacy-policy/> Company Policy<https://ora-0.it/wp-content/uploads/2020/08/politica_aziendale_it.pdf> [cid:image001.png@01D789E4.08355260] ________________________________ Da: Mark Hammond <mhamm...@skippinet.com.au> Inviato: giovedì 16 settembre 2021 10:49:43 A: Ruggero Paolo Basile; python-win32@python.org Oggetto: Re: [python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.') On 16/09/2021 6:41 pm, Ruggero Paolo Basile wrote: > ok , i have the username and password of local machine, i'am a starter > in python Tim noted that the issue is what permissions you have on the *remote* machine - having the username and password of the local machine means nothing to the remote machine you are trying to access. Tim also suggested a specific experiment you should try - did you try it? What happened? (To put it another way - the issue is not about your code, nor about your account on the local machine - it's about your permissions on the server. The server apparently does not trust either your local machine or the account you are using on your local machine) Cheers, Mark > > > > this is my code, the arguments "server" take only > > an ip and when i tray to run the code i can't know > > how i have to authenticate the connection. > > > > Thanks. > > > > #python C:\python\5_Forensic_Basic\eventlog.py > > # Windows Event Log Viewer > # FB - 201012116 > import win32evtlog # requires pywin32 pre-installed > > > import pdb > > server = '192.168.1.10' # name of the target computer to get event logs > > > try: > > logtype = 'System' # 'Application' # 'Security' > hand = win32evtlog.OpenEventLog(server,logtype) > flags = > win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ > total = win32evtlog.GetNumberOfEventLogRecords(hand) > pdb.set_trace() > while True: > print ("test") > events = win32evtlog.ReadEventLog(hand, flags,0) > if events: > for event in events: > print ('Event Category:', event.EventCategory) > print ('Time Generated:', event.TimeGenerated) > print ('Source Name:', event.SourceName) > print ('Event ID:', event.EventID) > print ('Event Type:', event.EventType) > data = event.StringInserts > if data: > print ('Event Data:') > for msg in data: > print (msg) > print() > except Exception as err: > print("Exception") > print(str(err)) > if __name__ == "__main__": > try: > print ("start") > except getopt.GetoptError as err: > print(str(err)) > > > > /Ruggero Paolo Basile/ > > /Cellulare: 3403216393/ > /Mail:/ruggeropaolo.bas...@ora-0.it <mailto:gabriele.salt...@ora-0.it> > Privacy Policy <https://ora-0.it/privacy-policy/>Company Policy > <https://ora-0.it/wp-content/uploads/2020/08/politica_aziendale_it.pdf> > > ------------------------------------------------------------------------ > *Da:* python-win32 > <python-win32-bounces+ruggeropaolo.basile=ora-0...@python.org> per conto > di Tim Roberts <t...@probo.com> > *Inviato:* giovedì 16 settembre 2021 03:17:56 > *A:* python-win32@python.org > *Oggetto:* Re: [python-win32] pywintypes.error: (5, 'OpenEventLogW', > 'Access is denied.') > Ruggero Paolo Basile wrote: >> >> >> Good morning i'am try to connect to remote host and get the eventlog >> from windows , but in the >> >> module i can't find a value for authentication. >> Have you some news? >> >> this is my error "pywintypes.error: (5, 'OpenEventLogW', 'Access is >> denied.')" > > > To do that operation, your username has to have permission on that > remote machine. Are you using a domain? Are you logged in as a domain > administrator? > > > This article talks about it, but since Windows security is a vast, dark, > confusing, twisted mess, I'm not sure you'll be able to make it work. > > > https://docs.microsoft.com/en-us/archive/blogs/janelewis/giving-non-administrators-permission-to-read-event-logs-windows-2003-and-windows-2008 > <https://docs.microsoft.com/en-us/archive/blogs/janelewis/giving-non-administrators-permission-to-read-event-logs-windows-2003-and-windows-2008> > > > If you bring up the Event Viewer application ("eventvwr"), under Action, > there's a "Connect to Another Computer" option. Does that work for you? > > -- > Tim Roberts, t...@probo.com > Providenza & Boekelheide, Inc. > > > > _______________________________________________ > python-win32 mailing list > python-win32@python.org > https://mail.python.org/mailman/listinfo/python-win32 >
_______________________________________________ python-win32 mailing list python-win32@python.org https://mail.python.org/mailman/listinfo/python-win32
