[python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')
Ruggero Paolo Basile
RuggeroPaolo.Basile at ora-0.it
Thu Sep 16 05:17:37 EDT 2021
OK, let's explain the case.
My goal is to read the event log of the remote Windows machine.
I have experimented with the wmi library; the problem with wmi is that I have to create parsers, and I have not found any code.
On the remote machine I have no authentication problems, as I connect to the local network.
The only question now is what I have to do before calling
hand = win32evtlog.OpenEventLog(server, logtype)
Maybe I have to create an authentication context? I am not skilled in that.
Ruggero Paolo Basile
________________________________
From: Mark Hammond <mhammond at skippinet.com.au>
Sent: Thursday 16 September 2021 10:49:43
To: Ruggero Paolo Basile; python-win32 at python.org
Subject: Re: [python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')
On 16/09/2021 6:41 pm, Ruggero Paolo Basile wrote:
> OK, I have the username and password of the local machine; I'm a starter
> in Python
Tim noted that the issue is what permissions you have on the *remote*
machine - having the username and password of the local machine means
nothing to the remote machine you are trying to access.
Tim also suggested a specific experiment you should try - did you try
it? What happened?
(To put it another way - the issue is not about your code, nor about
your account on the local machine - it's about your permissions on the
server. The server apparently does not trust either your local machine
or the account you are using on your local machine)
Cheers,
Mark
>
> This is my code. The argument "server" takes only an IP, and when I try to
> run the code I don't know how I have to authenticate the connection.
>
> Thanks.
>
> # python C:\python\5_Forensic_Basic\eventlog.py
>
> # Windows Event Log Viewer
> # FB - 201012116
> import getopt  # needed by the except clause at the bottom
> import pdb
>
> import win32evtlog  # requires pywin32 pre-installed
>
> server = '192.168.1.10'  # name of the target computer to get event logs
>
> try:
>     logtype = 'System'  # 'Application' # 'Security'
>     hand = win32evtlog.OpenEventLog(server, logtype)
>     flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
>     total = win32evtlog.GetNumberOfEventLogRecords(hand)
>     pdb.set_trace()  # debugger breakpoint
>     while True:
>         print("test")
>         events = win32evtlog.ReadEventLog(hand, flags, 0)
>         if not events:
>             break  # no more records: stop instead of looping forever
>         for event in events:
>             print('Event Category:', event.EventCategory)
>             print('Time Generated:', event.TimeGenerated)
>             print('Source Name:', event.SourceName)
>             print('Event ID:', event.EventID)
>             print('Event Type:', event.EventType)
>             data = event.StringInserts
>             if data:
>                 print('Event Data:')
>                 for msg in data:
>                     print(msg)
>             print()
> except Exception as err:
>     print("Exception")
>     print(str(err))
>
> if __name__ == "__main__":
>     try:
>         print("start")
>     except getopt.GetoptError as err:
>         print(str(err))
>
>
>
> /Ruggero Paolo Basile/
>
> /Cellulare: 3403216393/
> /Mail:/ruggeropaolo.basile at ora-0.it <mailto:gabriele.saltini at ora-0.it>
> Privacy Policy <https://ora-0.it/privacy-policy/>Company Policy
> <https://ora-0.it/wp-content/uploads/2020/08/politica_aziendale_it.pdf>
>
> ------------------------------------------------------------------------
> *From:* python-win32
> <python-win32-bounces+ruggeropaolo.basile=ora-0.it at python.org> on behalf
> of Tim Roberts <timr at probo.com>
> *Sent:* Thursday 16 September 2021 03:17:56
> *To:* python-win32 at python.org
> *Subject:* Re: [python-win32] pywintypes.error: (5, 'OpenEventLogW',
> 'Access is denied.')
> Ruggero Paolo Basile wrote:
>>
>> Good morning, I am trying to connect to a remote host and get the event log
>> from Windows, but in the module I can't find a value for authentication.
>> Have you some news?
>>
>> This is my error: "pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')"
>
>
> To do that operation, your username has to have permission on that
> remote machine. Are you using a domain? Are you logged in as a domain
> administrator?
>
>
> This article talks about it, but since Windows security is a vast, dark,
> confusing, twisted mess, I'm not sure you'll be able to make it work.
>
>
> https://docs.microsoft.com/en-us/archive/blogs/janelewis/giving-non-administrators-permission-to-read-event-logs-windows-2003-and-windows-2008
>
>
> If you bring up the Event Viewer application ("eventvwr"), under Action,
> there's a "Connect to Another Computer" option. Does that work for you?
>
> --
> Tim Roberts, timr at probo.com
> Providenza & Boekelheide, Inc.
>
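
Added example (not part of the original thread and not pywin32's own code): `OpenEventLog` takes no credential argument, so one common way to present an account that exists on the server is to open an authenticated session to its `IPC$` share with `win32wnet.WNetAddConnection2` before opening the log. The function names, the diagnosis table and the credential parameters are assumptions of this sketch, and the account must still hold read permission on the log on the remote machine.

```python
# Added example, not from the thread. Needs pywin32 on Windows; the server,
# account and password are placeholders supplied by the caller.
DIAGNOSIS = {  # Win32 error codes commonly seen when opening a remote log
    5: "access denied: this account may not read the log on the server",
    53: "network path not found: wrong name/IP or SMB unreachable",
    1219: "a session to this server already exists with other credentials",
    1326: "logon failure: the server rejected the user name or password",
    1722: "RPC server unavailable: host down or blocked by a firewall",
}

def ipc_share(server):
    """UNC path of the IPC$ share that carries the authenticated session."""
    return "\\\\" + server.strip("\\") + "\\IPC$"

def diagnose(exc):
    """Turn a pywintypes.error (winerror, funcname, strerror) into a hint."""
    code, func, text = exc.args[:3]
    return f"{func} failed ({code}): {DIAGNOSIS.get(code, text)}"

def read_remote_log(server, logtype, user, password, limit=20):
    """Log on with an account known to the *server*, then read its log."""
    import pywintypes, win32evtlog, win32netcon, win32wnet  # Windows only
    res = win32wnet.NETRESOURCE()
    res.dwType = win32netcon.RESOURCETYPE_ANY
    res.lpRemoteName = ipc_share(server)
    try:
        win32wnet.WNetAddConnection2(res, password, user, 0)
    except pywintypes.error as exc:
        raise RuntimeError(diagnose(exc)) from exc
    rows = []
    try:
        hand = win32evtlog.OpenEventLog(server, logtype)
        flags = (win32evtlog.EVENTLOG_BACKWARDS_READ
                 | win32evtlog.EVENTLOG_SEQUENTIAL_READ)
        while len(rows) < limit:
            events = win32evtlog.ReadEventLog(hand, flags, 0)
            if not events:
                break  # end of log reached
            rows += [(e.TimeGenerated, e.SourceName, e.EventID & 0xFFFF)
                     for e in events]
        win32evtlog.CloseEventLog(hand)
    except pywintypes.error as exc:
        raise RuntimeError(diagnose(exc)) from exc
    finally:
        win32wnet.WNetCancelConnection2(res.lpRemoteName, 0, True)
    return rows[:limit]
```

Call it as `read_remote_log('192.168.1.10', 'System', user, getpass.getpass())` so the password is prompted for rather than stored in the script.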