讀取系統"安全"日誌中的失敗登入嘗試 + 新增攻擊者IP到防火牆策略
阿新 • • 發佈:2018-12-23
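''' <summary>
''' Scans the local "Security" event log and writes one line per failed-logon
''' event (event ID 4625) to txtIPList: time generated, then ReplacementStrings(5)
''' and ReplacementStrings(19), separated by tabs.
''' </summary>
''' <remarks>
''' In the standard 4625 layout, index 5 is the target account name and index 19
''' is the source network address. The account name is supplied by whoever
''' attempted the logon, so treat the listed text as untrusted.
''' Reading the Security log normally requires an elevated process.
''' </remarks>
Private Sub btnRead_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnRead.Click
    Dim ComputerLogs() As Diagnostics.EventLog = EventLog.GetEventLogs

    For Each aLog As Diagnostics.EventLog In ComputerLogs
        If aLog.Log = "Security" Then
            Dim cnt As Integer = aLog.Entries.Count, idx As Integer = 0

            For Each itm As EventLogEntry In aLog.Entries
                idx += 1
                ' The window title doubles as a progress indicator.
                Me.Text = idx & "/" & cnt

                If itm.InstanceId = 4625 Then
                    Dim fields() As String = itm.ReplacementStrings
                    ' Guard the fixed indexes: a truncated or unexpected record
                    ' must not abort the whole scan with an IndexOutOfRangeException.
                    If fields IsNot Nothing AndAlso fields.Length > 19 Then
                        txtIPList.AppendText(itm.TimeGenerated & vbTab & fields(5) & vbTab & fields(19) & vbCrLf)
                    End If
                End If
            Next

            ' Only one log is named "Security"; stop looking once it is processed.
            Exit For
        End If
    Next

    Me.Text = "EventReader"
End Sub

''' <summary>
''' Adds the addresses listed in txtIPList to the RemoteAddresses of the firewall
''' rule named "DENY_LOGIN_ATTEMPT" (for a rule that applies to the currently
''' active profile), then shows the resulting address list in txtResult.
''' </summary>
''' <remarks>
''' Each line of txtIPList may be either a bare address or the tab-separated
''' "time / account / address" line produced by btnRead_Click; only the last
''' field is used, and only if it parses as an IP address. Anything else
''' (timestamps, account names, "-" for local logons, blank lines) is ignored
''' rather than being written into the firewall rule.
''' NOTE(review): addresses are not checked against an allow-list, so a failed
''' logon from an administrator's own workstation would be blocked as well.
''' Review the list before applying it.
''' NOTE(review): this appends to the existing value; it assumes the rule
''' already holds at least one concrete address (not "*"). Confirm how the rule
''' is created.
''' </remarks>
Private Sub btnFW_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnFW.Click
    Dim plcObj As NetFwTypeLib.INetFwPolicy2 = CreateObject("HNetCfg.FwPolicy2"), rule As NetFwTypeLib.INetFwRule
    Dim CurrentProfiles As Integer = plcObj.CurrentProfileTypes()

    For Each rule In plcObj.Rules
        ' Bitmask test: the rule must apply to at least one active profile.
        If (rule.Profiles And CurrentProfiles) <> 0 Then
            If rule.Name = "DENY_LOGIN_ATTEMPT" Then
                Dim existing As String = rule.RemoteAddresses
                MsgBox(existing)

                ' Addresses already in the rule, without their "/mask" suffix,
                ' so the same host is not appended again on every click.
                Dim known As New System.Collections.Generic.List(Of String)
                If Not String.IsNullOrEmpty(existing) Then
                    For Each entry As String In existing.Split(","c)
                        known.Add(entry.Split("/"c)(0).Trim())
                    Next
                End If

                Dim toAdd As New System.Collections.Generic.List(Of String)
                Dim lineBreaks() As String = {vbCrLf, vbLf}
                For Each rawLine As String In txtIPList.Text.Split(lineBreaks, StringSplitOptions.RemoveEmptyEntries)
                    ' Take the last tab-separated field (the address column).
                    Dim cols() As String = rawLine.Split(ControlChars.Tab)
                    Dim candidate As String = cols(cols.Length - 1).Trim()

                    Dim parsed As System.Net.IPAddress = Nothing
                    If Not System.Net.IPAddress.TryParse(candidate, parsed) Then Continue For

                    ' TryParse also accepts shorthand such as "1"; require a
                    ' full dotted quad for IPv4.
                    If parsed.AddressFamily = System.Net.Sockets.AddressFamily.InterNetwork AndAlso parsed.ToString() <> candidate Then Continue For

                    ' Never block loopback or the unspecified address.
                    If System.Net.IPAddress.IsLoopback(parsed) Then Continue For
                    If parsed.Equals(System.Net.IPAddress.Any) OrElse parsed.Equals(System.Net.IPAddress.IPv6Any) Then Continue For

                    Dim normalized As String = parsed.ToString()
                    If known.Contains(normalized) OrElse toAdd.Contains(normalized) Then Continue For
                    toAdd.Add(normalized)
                Next

                ' Write to the rule only when there is something valid to add.
                If toAdd.Count > 0 Then
                    rule.RemoteAddresses = existing & "," & String.Join(",", toAdd.ToArray())
                End If

                ' Display one address per line; a host mask is shown as "/32".
                txtResult.Text = rule.RemoteAddresses.Replace(",", vbCrLf).Replace("255.255.255.255", "32")
                Exit For
            End If
        End If
    Next
End Sub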