logger.bat
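@echo off
:: logger.bat - export last month's logon-related Security events
:: (4624, 4625, 4634, 4647, 4648, 4675) into <script dir>\<script name>.<yyyy>-<MM>.evtx.
:: wevtutil epl on the Security log needs an elevated prompt, so the script
:: relaunches itself through UAC when it is not already elevated.
set LINE[1]= dBP dBBBBP dBBBBb dBBBBb dBBBP dBBBBBb
set LINE[2]= dBP.BP dBP
set LINE[3]= dBP dBP.BP dBBBB dBBBB dBBP dBBBBK
set LINE[4]= dBP dBP.BP dB BB dB BB dBP dBP BB
set LINE[5]= dBBBBP dBBBBP dBBBBBB dBBBBBB dBBBBP dBP dB
set SELF=%~n0
set HERE=%~dp0
:: %~dp0 ends with a backslash; drop it so paths can be built as %HERE%\name.
set HERE=%HERE:~0,-1%
setlocal enabledelayedexpansion
:: An elevated relaunch starts in System32; move back to the script directory.
cd /d "%HERE%"
echo.
for /l %%i in (1, 1, 5) do (echo !LINE[%%i]!)
echo.
echo Gathering information, please wait ...
:: Check whether this cmd.exe is already elevated. Match the well-known
:: integrity-level SIDs (S-1-16-12288 = High, S-1-16-16384 = System) rather than
:: the "High Mandatory Level" label, which is text and may be localized.
:: Accepting System as well avoids an endless relaunch loop when the script is
:: started as LocalSystem (e.g. from a scheduled task).
whoami /groups | findstr /c:"S-1-16-12288" /c:"S-1-16-16384" >nul || (
  rem Not elevated: relaunch this script through the UAC prompt. The path is
  rem quoted so that a script directory containing spaces still works.
  powershell -NoProfile -ExecutionPolicy Unrestricted -Command "Start-Process -FilePath '%~f0' -Verb RunAs"
  rem Close this non-elevated console; the elevated copy does the work.
  exit
)
:: Compute the export window: [first day of last month 00:00, first day of this
:: month 00:00) in local time, converted to UTC because @SystemTime in the event
:: query is UTC. Doing the conversion in PowerShell removes the hard-coded 9-hour
:: (JST) offset and the %DATE%-format dependency; any time zone now works.
:: Output: FROM TO YEAR MONTH  (e.g. 2024-01-31T15:00:00.000Z 2024-02-29T15:00:00.000Z 2024 03)
for /f "usebackq tokens=1-4 delims= " %%a in (`powershell -NoProfile -ExecutionPolicy Unrestricted -Command "& { $f = (Get-Date -Day 1).Date; $fmt = 'yyyy-MM-ddTHH:mm:ss.fffZ'; Write-Output ($f.AddMonths(-1).ToUniversalTime().ToString($fmt) + ' ' + $f.ToUniversalTime().ToString($fmt) + ' ' + $f.ToString('yyyy MM')) }"`) do (
  set FROM=%%a
  set TO=%%b
  set Y=%%c
  set M=%%d
)
if not defined TO (
  echo Could not compute the export window; no log was exported. 1>&2
  goto :done
)
:: Export the logon-related Security events for that window. The file is named
:: after the month in which the script runs (same convention as before).
wevtutil epl Security "%HERE%\%SELF%.%Y%-%M%.evtx" /q:"*[System[(TimeCreated[@SystemTime >= '%FROM%' and @SystemTime < '%TO%']) and (EventID = 4624 or EventID = 4625 or EventID = 4634 or EventID = 4647 or EventID = 4648 or EventID = 4675)]]" || echo wevtutil failed to export the Security log. 1>&2
:done
echo.
:: pause honours "any key"; the previous set /p prompt only accepted Enter.
echo Press any key to close this window.
pause >nul
endlocal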
