Open Supermec0 opened 5 years ago
whoa.. yeah something definitely got into a strange state. how reproducible is this? i.e.: is it reliably happening each time?
So it looks like you're using this over domain auth, do you get the same error when not using domain authentication?
What are the operating system versions for those communicating systems?
Yes, it’s reproducible; as I said, it works very randomly.
Whether I enter the domain name or not, it’s the same thing that keeps happening.
My compiler is on Windows 10, remote server is Server 16, windows.
any update on this? Thanks!
Sorry, haven't had a chance to look at this yet.
joerg
Any update on this issue? I'm seeing the same Windows 10 to Windows Server 2008 R2. Sometimes it works but most times I get Access denied msg. Tried uninstalling and reinstalling with no change still same intermittent results.
Hi! I join the author of this question. I run the script on Windows 7 x64, target remote server Windows 2008 R2 x64, I have the same error:
#################################
This notification is also annoying, but other functions work with it locally.
WARNING: winevt: pyv. Falling back to in-ine mode. Compile your own. To fix this, do the following:
1) Check this page and install the correct compiler for your version of python: https://blogs.msdn.microsoft.com/pythonengineering/2016/04/11/unable-to-find-vcvarsall-bat/
2) Re-install winevt (pip install -U winevt)
ERROR: EventLog.Query: Access Denied.
Traceback (most recent call last):
File "D: /Programs/Projects/parsers/get_eventlog_v2.py", line 14, in
Hi there -
This code is not working on remote computers. I'm running it on my computer trying to access a remote server's Events Log, and I keep getting "Access Denied." Very randomly it'll connect just fine and return the correct result. On the server, my connection attempts are seen with very random username/password combinations; an example is shown below. What is wrong here, and why do I keep on getting the message to reinstall the winevt library? I followed the instructions to reinstall, yet I'm still getting the same thing.
###################
1st Attempt logged on server: The state of a transaction has changed.

Subject:
  Security ID: SYSTEM
  Account Name: (Removed for security reasons, but it logged correct computer name)
  Account Domain: (Removed, but logged correct domain name)
  Logon ID: 0x3E7

Transaction Information:
  RM Transaction ID: {52758235-f5c5-11e8-811b-005056881f92}
  New State: 48
  Resource Manager: {dd00c1d6-e775-11e3-a98a-cbd2b538aa0c}

2nd Attempt: An account failed to log on.

Subject:
  Security ID: NULL SID
  Account Name: -
  Account Domain: -
  Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
  Security ID: NULL SID
  Account Name: rberos V1.
  Account Domain: (Removed, but logged correct domain name)

Failure Information:
  Failure Reason: Unknown user name or bad password.
  Status: 0xC000006D
  Sub Status: 0xC0000064

##################
From my compiler:
inquiry = EventLog.Query("ForwardedEvents","*",username="given", password="given", server="IP_address")

##################
Output on my compiler:
WARNING:winevt:Looks like you didn't successfully compile your own out-of-line pyd. Falling back to in-ine mode. This is going to be less efficient and it's recommended you compile your own. To fix this, do the following:
1) Check this page and install the correct compiler for your version of python: https://blogs.msdn.microsoft.com/pythonengineering/2016/04/11/unable-to-find-vcvarsall-bat/
2) Re-install winevt (pip install -U winevt)
ERROR:EventLog.Query:Access is denied.
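For triaging the failed-logon event quoted in the report, here is an added example (not code from the thread or from winevt) that parses the rendered event text, decodes the NTSTATUS values, and checks whether the account name the server logged matches the one the caller passed. The names `parse_4625` and `triage` are hypothetical, and the domain `EXAMPLE` and expected user `given` are placeholders for values the report removed or left generic.

```python
import re

# Constructed sample built from the report's fields; "EXAMPLE" replaces the removed domain.
SAMPLE_4625 = """An account failed to log on.
Subject:
    Account Name: -
Logon Type: 3
Account For Which Logon Failed:
    Account Name: rberos V1.
    Account Domain: EXAMPLE
Failure Information:
    Status: 0xC000006D
    Sub Status: 0xC0000064
"""

NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE", 0xC0000064: "STATUS_NO_SUCH_USER",
            0xC000006A: "STATUS_WRONG_PASSWORD"}
LOGON_TYPES = {2: "Interactive", 3: "Network", 10: "RemoteInteractive"}

def parse_4625(text):
    """Return {section: {field: value}}; sections keep the two Account Names apart."""
    sections, current = {}, "Event"
    for line in text.splitlines():
        m = re.match(r"^(\s*)([^:]+):\s*(.*)$", line)
        if not m:
            continue                      # title line or blank line
        indent, key, value = m.groups()
        if not indent and not value:      # unindented "Header:" opens a section
            current = key
        else:                             # unindented "Key: value" is event-level
            sections.setdefault(current if indent else "Event", {})[key] = value
    return sections

def triage(text, expected_user):
    """Decode the failure and compare the logged name with the one the caller used."""
    ev = parse_4625(text)
    failed, info = ev["Account For Which Logon Failed"], ev["Failure Information"]
    sub = int(info["Sub Status"], 16)
    result = {"logon_type": LOGON_TYPES.get(int(ev["Event"]["Logon Type"]), "Other"),
              "status": NTSTATUS.get(int(info["Status"], 16), "unknown"),
              "sub_status": NTSTATUS.get(sub, "unknown"),
              "logged_user": failed["Account Name"]}
    if sub == 0xC0000064 and result["logged_user"].lower() != expected_user.lower():
        result["finding"] = "server saw an account name the caller did not supply"
    elif sub == 0xC000006A:
        result["finding"] = "account name accepted, password rejected"
    else:
        result["finding"] = "manual review"
    return result
```

For the sample above, `triage(SAMPLE_4625, "given")` reports a network logon rejected with `STATUS_NO_SUCH_USER` for a name that differs from the one supplied, which points at the account name reaching the server rather than at the password or the account's permissions.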