Option Explicit ' 設定対象のコンピュータ名 Const TargetComputerName = "." ' イベントフィルタのインスタンス名 Const EventFilterName = "UsingSMTPTestFilter" ' イベントコンシューマのインスタンス名 Const EventConsumerName = "UsingSMTPTestConsumer" Const PolingInterval = "60" ' ポーリング間隔(秒) ' 通知するイベントの各プロパティ ' 限定しないものは空文字列とする Const Logfile = "Security" ' ログファイル Application, Security, System Const EventType = "4" ' イベントの種類 1:エラー 2:警告 3:情報 4:監査成功 5:監査失敗 Const SourceName = "Security" ' ソース Const EventCode = "540" ' イベントID(正しくは EventIdentifier の下位16bit) ' 通知メールの各プロパティ Const SMTPServer = "SMTPサーバ" Const FromLine = "差出人アドレス" Const ToLine = "宛先アドレス" Dim Locator Dim Services Dim OperatingSystemCollection Dim OperatingSystem Dim VersionString Dim Version Dim XPOrLater Dim FilterClass Dim Filter Dim WQL Dim Consumer Dim BindingClass Dim Binding ' WMIに接続 Set Locator = CreateObject("WbemScripting.SWbemLocator") Set Services = Locator.ConnectServer(TargetComputerName, "root\cimv2") ' OS バージョンを取得する Set OperatingSystemCollection = Services.ExecQuery("SELECT * FROM Win32_OperatingSystem") For Each OperatingSystem In OperatingSystemCollection ' Windows XP, Windows Server 2003 以上の場合は root\subscription 名前空間に接続 VersionString = OperatingSystem.Version Version = Left(VersionString, _ InStr(VersionString, ".") + _ InStr(Right(VersionString, Len(VersionString) - InStr(VersionString, ".")), ".") - 1) If Version > 5.0 Then XPOrLater = True Set Services = Nothing Set Services = Locator.ConnectServer(TargetComputerName, "root\subscription") End If Next ' フィルタオブジェクトの作成 Set FilterClass = Services.Get("__EventFilter") Set Filter = FilterClass.SpawnInstance_() ' WQL 文字列の作成 WQL = "SELECT * FROM __InstanceCreationEvent WITHIN " & PolingInterval & " " & _ "WHERE TargetInstance ISA 'Win32_NTLogEvent'" If Logfile <> "" Then WQL = WQL & " AND TargetInstance.Logfile = '" & Logfile & "'" If EventType <> "" Then WQL = WQL & " AND TargetInstance.EventType = '" & EventType & "'" If SourceName <> "" Then WQL = WQL & " AND TargetInstance.SourceName = '" & SourceName & "'" If EventCode <> "" Then WQL = WQL & " AND TargetInstance.EventCode = '" & EventCode & "'" ' イベントログフィルタの作成 With Filter .Name = EventFilterName If XPOrLater Then .EventNamespace = "root\cimv2" End If .QueryLanguage = "WQL" .Query = WQL End With Filter.Put_() ' SMTPイベントコンシューマの作成 Set Consumer = Services.Get("SMTPEventConsumer").SpawnInstance_() With Consumer .Name = EventConsumerName .SMTPServer = SMTPServer .FromLine = FromLine .ToLine = ToLine .Subject = "Event fired on %TargetInstance.ComputerName%" .Message = "Event fired on %TargetInstance.ComputerName%" & vbCrLf & _ "Logfile:%TargetInstance.Logfile%" & vbCrLf & _ "EventType:%TargetInstance.EventType%" & vbCrLf & _ "SourceName:%TargetInstance.SourceName%" & vbCrLf & _ "EventCode:%TargetInstance.EventCode%" & vbCrLf & _ "" End With Consumer.Put_() ' フィルタをコンシューマにバインドする Set BindingClass = Services.Get("__FilterToConsumerBinding") Set Binding = BindingClass.SpawnInstance_() With Binding .Filter = Filter.Path_.RelPath .Consumer = Consumer.Path_.RelPath End With Binding.Put_() Set Binding = Nothing Set BindingClass = Nothing Set Filter = Nothing Set FilterClass = Nothing Set Consumer = Nothing Set Services = Nothing