Skip to main content

Batch - Get time from remote server write to csv audit log



Purpose: needed a hacked up batch file that was able to read time from a remote server and log to a CSV for user logon auditing. They may have been a better way to do this in batch, but after about 5 hours of looking i decided to just write my own. Wish i could have used powershell. Note:I found that using the net time //x.x.x.x command against a server can return different formatted results I think this script is able to handle the differences but i can not be certain without further testing
@echo off
REM Tony Unger
REM
REM login audit script
REM For Log In
Rem Writes to a CSV file
REM Thanks to http://brisray.com/comp/batch3.htm for length checking in batch


setlocal EnableDelayedExpansion
for /f "delims=" %%i in ('net time \\servername') do (
    if "!CurrentTime!"=="" (set CurrentTime=%%i) else (set CurrentTime=!CurrentTime!#%%i)

)

echo %CurrentTime%
Echo parse the Net Time command
FOR /f "tokens=6,7,8" %%a IN ("%CurrentTime%") DO (
SET _date=%%a
SET _time=%%b
SET _AMPM=%%c
Echo after read ampm is %_AMPM%
If %_AMPM% ==AM#Local (
FOR /f "tokens=14,15,16" %%a IN ("%CurrentTime%") DO (
SET _date=%%a
SET _time=%%b
SET _AMPM=%%c
)
)
If %_AMPM% ==PM#Local (
FOR /f "tokens=14,15,16" %%a IN ("%CurrentTime%") DO (
SET _date=%%a
SET _time=%%b
SET _AMPM=%%c
)
)
Echo Now it is equal to: %_AMPM%

if %_HourUpdate% == 01 (set _HourUpdate=13)
Echo Break up the date to Day Month Year
for /f "tokens=1,2,3 delims=/ " %%A in ("%_date%") DO (
SET _Month=%%A
SET _Day=%%B
SET _Year=%%C
)
Echo Breakup Time to Hour Min Sec
for /f "tokens=1,2,3 delims=: " %%A in ("%_time%") DO (
SET _Hour=%%A
SET _Min=%%B
SET _Sec=%%C
)
Echo Removing spaces
set _Year=%_Year: =%
set _MonthUpdate=%_MonthUpdate: =%
set _Day=%_Day: =%
set _Hour=%_Hour: =%
set _Min=%_Min: =%
set _Sec=%_Sec: =%
REM
Echo Convert Month to two digits
set c=%_Month%
:Monthloop
if defined c (set c=%c:~1%&set /A _MonthCount += 1&goto Monthloop)
Echo Found %_MonthCount% in Month string
if "%_MonthCount%" LSS "2" (set _MonthUpdate=0%_Month%)
IF "%_MonthCount%" GTR "1" (set _MonthUpdate=%_Month%)
Echo %_MonthUpdate%
REM
Echo Convert Day to Two Digits
echo %_Day%
set c=%_Day%
:Dayloop
if defined c (set c=%c:~1%&set /A _DayCount += 1&goto Dayloop)
Echo Found %_DayCount% in day string
if "%_DayCount%" LSS "2" (set _DayUpdate=0%_Day%)
IF "%_DayCount%" GTR "1" (set _DayUpdate=%_Day%)
Echo %_DayUpdate%
REM
Echo Convert Hour to two digits
set c=%_Hour%
:Hourloop
if defined c (set c=%c:~1%&set /A b += 1&goto Hourloop)
Echo Found %b% in hour string
if "%b%" LSS "2" (set _HourUpdate=0%_Hour%)
IF "%b%" GTR "1" (set _HourUpdate=%_Hour%)
REM
Echo %_HourUpdate%
Echo Convert Hour to 24Hour
if %_AMPM%==PM#Local (
  if %_HourUpdate% == 01 (set _HourUpdate=13)
  if %_HourUpdate% == 02 (set _HourUpdate=14)
  if %_HourUpdate% == 03 (set _HourUpdate=15)
  if %_HourUpdate% == 04 (set _HourUpdate=16)
  if %_HourUpdate% == 05 (set _HourUpdate=17)
  if %_HourUpdate% == 07 (set _HourUpdate=19)
  if %_HourUpdate% == 08 (set _HourUpdate=20)
  if %_HourUpdate% == 09 (set _HourUpdate=21)
  if %_HourUpdate% == 10 (set _HourUpdate=22)
  if %_HourUpdate% == 11 (set _HourUpdate=23)
  ) ELSE (
  if %_HourUpdate% == 12 (set _HourUpdate=00)
  )
if %_AMPM%==PM#The (
  if %_HourUpdate% == 01 (set _HourUpdate=13)
  if %_HourUpdate% == 02 (set _HourUpdate=14)
  if %_HourUpdate% == 03 (set _HourUpdate=15)
  if %_HourUpdate% == 04 (set _HourUpdate=16)
  if %_HourUpdate% == 05 (set _HourUpdate=17)
  if %_HourUpdate% == 07 (set _HourUpdate=19)
  if %_HourUpdate% == 08 (set _HourUpdate=20)
  if %_HourUpdate% == 09 (set _HourUpdate=21)
  if %_HourUpdate% == 10 (set _HourUpdate=22)
  if %_HourUpdate% == 11 (set _HourUpdate=23)
  ) ELSE (
  if %_HourUpdate% == 12 (set _HourUpdate=00)
  )
REM
Echo  Convert Mins to two digits
set c=%_Min%
:Minloop
if defined c (set c=%c:~1%&set /A _MinCount += 1&goto Minloop)
Echo Found %_MinCount% in minute string
if "%_MinCount%" LSS "2" (set _MinUpdate=0%_Min%)
IF "%_MinCount%" GTR "1" (set _MinUpdate=%_Min%)
Echo %_MinUpdate%
REM This is done incase seconds doesn't return as in older versions of windowss
if "%_Sec%"==" " SET _Sec=00
REM Remove Spaces from Strings
set _Year=%_Year: =%
set _MonthUpdate=%_MonthUpdate: =%
set _DayUpdate=%_DayUpdate: =%
set _HourUpdate=%_HourUpdate: =%
set _MinUpdate=%_MinUpdate: =%
set _Sec=%_Sec: =%
if not %_MonthUpdate%==is echo Log Off,%_Year%-%_MonthUpdate%-%_DayUpdate% %_HourUpdate%:%_MinUpdate%:%_Sec%,%COMPUTERNAME%,%USERNAME%  >> \\servername\audit\%USERNAME%.csv
if %_MonthUpdate%==is echo %date:~10,4%-%date:~4,2%-%date:~7,2%,%COMPUTERNAME%,%USERNAME% >> \\servername\audit\errors.txt

Comments

Popular posts from this blog

Excel document for pinging list of computers VBA

Here is an excel document I created that will ping a list of nodes in column A and give results in column B. There are much better tools that can be used such as angry ip scanner  http://www.angryip.org/w/Home . I just wrote this as an example Requirements: Tested with Office 2010 Download: Download

Powershell - Com+ Application Recycle

Needed a script to recycle a com+ application nightly and this is what i came up with. This script will write each recycle it does to the event log under application. Run locally or via a scheduled task. #Recycle COM+ Application and write to the event log the status # 1.0 Release # Run script locally # Write to the event log ######################################## #Configurable ######################################## #Com+ ApplicationName $ComPlusLikeAppName = "Put the name of Com+ Application here a like statement is used to eval so you can get away with putting part of it" #EventLog to write to. $eventlog = "Application" #Source for eventlog. $source = "RecycleComObject" #Successful Event ID $SEventID = 0 #Error Event ID $EEventID = 666 #Process that COM+ runs under $process = "dllhost.exe". ######################################## #Clear $CurrentMemory = $null $PRocessID = $null $Commandline = $null $GUID = $null $AppID = $null $Messag

Powershell : Certutil Find Expired Certs on CA server

Wrote this to get certificate expiration information for certificates that expired 5 days ago to ones that expire in 90 days. Wrap an invoke-command around this for remote query. $Before = (get-date).adddays(90).ToString("MM/dd/yyyy") $After = (get-date).AddDays(-5).ToString("MM/dd/yyyy") <# https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/ We create a date range with $Before, i.e. certificates expiring before this date, and $After, i.e. certificates expiring after this date. These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter. #> $Restrict = "NotAfter<=$Before,NotAfter>=$After" $Report = @() $cmd = & certutil.exe -view -restrict $Restrict -out "RequesterName,CommonName,Certificate Expiration Date","Certificate Template" $SplitLines = $cmd.Split("`n`r") $Index = 0 foreach ($line in $Sp