Wednesday, May 29, 2013

Batch - Get time from remote server write to csv audit log



Purpose: needed a hacked up batch file that was able to read time from a remote server and log to a CSV for user logon auditing. They may have been a better way to do this in batch, but after about 5 hours of looking i decided to just write my own. Wish i could have used powershell. Note:I found that using the net time //x.x.x.x command against a server can return different formatted results I think this script is able to handle the differences but i can not be certain without further testing 
@echo off
REM Tony Unger
REM
REM login audit script
REM For Log In
Rem Writes to a CSV file
REM Thanks to http://brisray.com/comp/batch3.htm for length checking in batch


setlocal EnableDelayedExpansion
for /f "delims=" %%i in ('net time \\servername') do (
    if "!CurrentTime!"=="" (set CurrentTime=%%i) else (set CurrentTime=!CurrentTime!#%%i)

)

echo %CurrentTime%
Echo parse the Net Time command
FOR /f "tokens=6,7,8" %%a IN ("%CurrentTime%") DO (
SET _date=%%a
SET _time=%%b
SET _AMPM=%%c
Echo after read ampm is %_AMPM%
If %_AMPM% ==AM#Local (
FOR /f "tokens=14,15,16" %%a IN ("%CurrentTime%") DO (
SET _date=%%a
SET _time=%%b
SET _AMPM=%%c
)
)
If %_AMPM% ==PM#Local (
FOR /f "tokens=14,15,16" %%a IN ("%CurrentTime%") DO (
SET _date=%%a
SET _time=%%b
SET _AMPM=%%c
)
)
Echo Now it is equal to: %_AMPM%

if %_HourUpdate% == 01 (set _HourUpdate=13)
Echo Break up the date to Day Month Year
for /f "tokens=1,2,3 delims=/ " %%A in ("%_date%") DO (
SET _Month=%%A
SET _Day=%%B
SET _Year=%%C
)
Echo Breakup Time to Hour Min Sec
for /f "tokens=1,2,3 delims=: " %%A in ("%_time%") DO (
SET _Hour=%%A
SET _Min=%%B
SET _Sec=%%C
)
Echo Removing spaces
set _Year=%_Year: =%
set _MonthUpdate=%_MonthUpdate: =%
set _Day=%_Day: =%
set _Hour=%_Hour: =%
set _Min=%_Min: =%
set _Sec=%_Sec: =%
REM
Echo Convert Month to two digits
set c=%_Month%
:Monthloop
if defined c (set c=%c:~1%&set /A _MonthCount += 1&goto Monthloop)
Echo Found %_MonthCount% in Month string
if "%_MonthCount%" LSS "2" (set _MonthUpdate=0%_Month%)
IF "%_MonthCount%" GTR "1" (set _MonthUpdate=%_Month%)
Echo %_MonthUpdate%
REM
Echo Convert Day to Two Digits
echo %_Day%
set c=%_Day%
:Dayloop
if defined c (set c=%c:~1%&set /A _DayCount += 1&goto Dayloop)
Echo Found %_DayCount% in day string
if "%_DayCount%" LSS "2" (set _DayUpdate=0%_Day%)
IF "%_DayCount%" GTR "1" (set _DayUpdate=%_Day%)
Echo %_DayUpdate%
REM
Echo Convert Hour to two digits
set c=%_Hour%
:Hourloop
if defined c (set c=%c:~1%&set /A b += 1&goto Hourloop)
Echo Found %b% in hour string
if "%b%" LSS "2" (set _HourUpdate=0%_Hour%)
IF "%b%" GTR "1" (set _HourUpdate=%_Hour%)
REM
Echo %_HourUpdate%
Echo Convert Hour to 24Hour
if %_AMPM%==PM#Local (
  if %_HourUpdate% == 01 (set _HourUpdate=13)
  if %_HourUpdate% == 02 (set _HourUpdate=14)
  if %_HourUpdate% == 03 (set _HourUpdate=15)
  if %_HourUpdate% == 04 (set _HourUpdate=16)
  if %_HourUpdate% == 05 (set _HourUpdate=17)
  if %_HourUpdate% == 07 (set _HourUpdate=19)
  if %_HourUpdate% == 08 (set _HourUpdate=20)
  if %_HourUpdate% == 09 (set _HourUpdate=21)
  if %_HourUpdate% == 10 (set _HourUpdate=22)
  if %_HourUpdate% == 11 (set _HourUpdate=23)
  ) ELSE (
  if %_HourUpdate% == 12 (set _HourUpdate=00)
  )
if %_AMPM%==PM#The (
  if %_HourUpdate% == 01 (set _HourUpdate=13)
  if %_HourUpdate% == 02 (set _HourUpdate=14)
  if %_HourUpdate% == 03 (set _HourUpdate=15)
  if %_HourUpdate% == 04 (set _HourUpdate=16)
  if %_HourUpdate% == 05 (set _HourUpdate=17)
  if %_HourUpdate% == 07 (set _HourUpdate=19)
  if %_HourUpdate% == 08 (set _HourUpdate=20)
  if %_HourUpdate% == 09 (set _HourUpdate=21)
  if %_HourUpdate% == 10 (set _HourUpdate=22)
  if %_HourUpdate% == 11 (set _HourUpdate=23)
  ) ELSE (
  if %_HourUpdate% == 12 (set _HourUpdate=00)
  )
REM
Echo  Convert Mins to two digits
set c=%_Min%
:Minloop
if defined c (set c=%c:~1%&set /A _MinCount += 1&goto Minloop)
Echo Found %_MinCount% in minute string
if "%_MinCount%" LSS "2" (set _MinUpdate=0%_Min%)
IF "%_MinCount%" GTR "1" (set _MinUpdate=%_Min%)
Echo %_MinUpdate%
REM This is done incase seconds doesn't return as in older versions of windowss
if "%_Sec%"==" " SET _Sec=00
REM Remove Spaces from Strings
set _Year=%_Year: =%
set _MonthUpdate=%_MonthUpdate: =%
set _DayUpdate=%_DayUpdate: =%
set _HourUpdate=%_HourUpdate: =%
set _MinUpdate=%_MinUpdate: =%
set _Sec=%_Sec: =%
if not %_MonthUpdate%==is echo Log Off,%_Year%-%_MonthUpdate%-%_DayUpdate% %_HourUpdate%:%_MinUpdate%:%_Sec%,%COMPUTERNAME%,%USERNAME%  >> \\servername\audit\%USERNAME%.csv
if %_MonthUpdate%==is echo %date:~10,4%-%date:~4,2%-%date:~7,2%,%COMPUTERNAME%,%USERNAME% >> \\servername\audit\errors.txt
-
Labels: , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

KQL - Group Object Audits ADDS

This is a KQL written for Azure Sentinel. Purpose is to search for eventid from Active Directory Domain Services related to Group objects....