How to Read XML Microsoft Event Logs with PHP

╄→尐↘猪︶ㄣ submitted on 2019-12-25 03:34:53

Question


This is my first attempt at using XML with PHP. What I am trying to do is find the code to read the XML logs exported from Windows Event Viewer, and I think I'm having an issue with the children part and learning how to read the two sections. Now I'm using a piece of code I found on the PHP website and I'm still just testing it.

I can read the info from the System section but not from the next child, EventData.

Thanks in advance for all of your help.

<?php
$xml = simplexml_load_file("admin/xml/events.xml") or die("Error: Cannot create object");
if(!$xml){
    echo "No Go!";
    br();
}
else{
    echo "Good To Go!";
    br();
}

foreach ($xml->children() as $second_gen) {

    foreach ($second_gen->children() as $third_gen) {
        echo ' who begot a ' . $third_gen->EventID . ';';br();
    }
    foreach ($second_gen->children() as $fourth_gen->EventData) {
        echo ' and that ' . $fourth_gen->EventID .
            ' begot a ' . $fourth_gen->Data['SubjectUserSid'];br();
    }
}
?>

And here is my XML:

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<Events>
    <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
        <System>
            <Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/>
            <EventID>4656</EventID>
            <Version>0</Version>
            <Level>0</Level>
            <Task>12804</Task>
            <Opcode>0</Opcode>
            <Keywords>0x8020000000000000</Keywords>
            <TimeCreated SystemTime='2015-04-06T19:54:07.248Z'/>
            <EventRecordID>6426</EventRecordID>
            <Correlation/>
            <Execution ProcessID='4' ThreadID='88'/>
            <Channel>Security</Channel>
            <Computer>CCS03.clearcreek.local</Computer>
            <Security/>
        </System>
        <EventData>
            <Data Name='SubjectUserSid'>S-1-5-18</Data>
            <Data Name='SubjectUserName'>CCS03$</Data>
            <Data Name='SubjectDomainName'>CLEARCREEK0</Data>
            <Data Name='SubjectLogonId'>0x3e7</Data>
            <Data Name='ObjectServer'>PlugPlayManager</Data>
            <Data Name='ObjectType'>Security</Data>
            <Data Name='ObjectName'>PlugPlaySecurityObject</Data>
            <Data Name='HandleId'>0x0</Data>
            <Data Name='TransactionId'>{00000000-0000-0000-0000-000000000000}</Data>
            <Data Name='AccessList'>%%1553</Data>
            <Data Name='AccessMask'>0x2</Data>
            <Data Name='PrivilegeList'>-</Data>
            <Data Name='RestrictedSidCount'>0</Data>
            <Data Name='ProcessId'>0x394</Data>
            <Data Name='ProcessName'>C:\Windows\System32\svchost.exe</Data>
        </EventData>
    </Event>
</Events>

Answer 1:


Your loops are incorrect:

foreach ($second_gen->children() as $third_gen) {
          ^^^^^^
foreach ($second_gen->children() as $fourth_gen->EventData) {
          ^^^^^^

Shouldn't the second loop be $third_gen?




Answer 2:


I don't see a reason to read Event Viewer from PHP, as PHP is a language used mainly in web development and Event Viewer is to monitor and collect details about what happens in the server; they don't make sense to work together. Exposing Event Viewer information to PHP can let someone read your server events, something which is a high risk for your server security.

For sure, your goal with this can be achieved from a different perspective with better security. If you explain your requirements and scope there will be people with a better approach. I don't recommend sending or reading Event Viewer from outside of the server without strong security. I'm also happy to help you.




Answer 3:


If you can post the exported logs it would help, although I would suggest implementing an application on the "system with the event" server that reads the XML, exports the relevant data and sends the post-processed event data to the "apache server". The exported data shouldn't be very detailed events happening in the system, and I assume the Apache server is where you want to see the events; this access should be under login/password. Hope this helps. Note that this approach is sending details from server A to server B rather than PHP reading event details.




Answer 4:


If you are still thinking of pushing your data, I think the problem in the code you posted is the iteration. You should iterate the events list as you already have, but inside you can access System and Data directly as $second_gen->System and $second_gen->EventData; see below an example:

foreach ($xml->children() as $second_gen) {
    // access the <System> element and its child elements directly
    echo 'system: ' . $second_gen->System->EventID . "\n";

    // <EventData> holds <Data Name='...'> elements, so pick the value
    // by its Name attribute rather than by element name
    foreach ($second_gen->EventData->Data as $data) {
        if ((string) $data['Name'] === 'ProcessId') {
            echo 'data: ' . $data . "\n";
        }
    }
}
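An added worked example (not code from the question or from any of the answers) that parses the event XML shown in the question with SimpleXML: it walks each <Event>, reads the <System> fields by element name, and builds a map of the <EventData> entries keyed by their Name attribute, which is the part the loops in the question and the $second_gen->EventData->ProcessID access above both miss. The XML is embedded inline (constructed from the question's sample) so the script runs offline without a file; the eventToArray and parseEvents function names are this example's own, not a library API.

```php
<?php
// Added example, not code from the question or any of the answers.
// Parses an exported Windows Event Viewer XML document with SimpleXML and
// flattens each <Event> into its <System> fields plus a map of the
// <Data Name='...'> entries under <EventData>. The XML below is constructed
// from the event in the question; for a real export use
// simplexml_load_file($path, 'SimpleXMLElement', LIBXML_NONET) instead.

$xmlString = <<<'XML'
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<Events>
    <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
        <System>
            <Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/>
            <EventID>4656</EventID>
            <TimeCreated SystemTime='2015-04-06T19:54:07.248Z'/>
            <EventRecordID>6426</EventRecordID>
            <Channel>Security</Channel>
            <Computer>CCS03.clearcreek.local</Computer>
        </System>
        <EventData>
            <Data Name='SubjectUserSid'>S-1-5-18</Data>
            <Data Name='SubjectUserName'>CCS03$</Data>
            <Data Name='ObjectName'>PlugPlaySecurityObject</Data>
            <Data Name='ProcessId'>0x394</Data>
            <Data Name='ProcessName'>C:\Windows\System32\svchost.exe</Data>
        </EventData>
    </Event>
</Events>
XML;

/**
 * Flatten one <Event> element into a plain array.
 * SimpleXML matches the event's default (unprefixed) namespace without an
 * explicit children($ns) call, so $event->System works directly.
 */
function eventToArray(SimpleXMLElement $event): array
{
    $sys = $event->System;
    $row = [
        'EventID'       => (int) $sys->EventID,
        'EventRecordID' => (int) $sys->EventRecordID,
        'Provider'      => (string) $sys->Provider['Name'],
        'TimeCreated'   => (string) $sys->TimeCreated['SystemTime'],
        'Channel'       => (string) $sys->Channel,
        'Computer'      => (string) $sys->Computer,
        'EventData'     => [],
    ];
    // <Data> elements are told apart by their Name attribute, not by tag
    // name, so $event->EventData->ProcessId is always empty; key the map by
    // Name and fall back to the position for events whose Data has no Name.
    $i = 0;
    foreach ($event->EventData->Data as $data) {
        $key = isset($data['Name']) ? (string) $data['Name'] : 'Data' . $i;
        $row['EventData'][$key] = (string) $data;
        $i++;
    }
    return $row;
}

/**
 * Parse an XML string into a list of flattened events, or return null and
 * fill $errors with the libxml messages when the document is malformed.
 */
function parseEvents(string $xmlString, ?array &$errors = null): ?array
{
    libxml_use_internal_errors(true);
    // LIBXML_NONET keeps libxml from fetching anything over the network
    // (such as an external DTD) while parsing a file copied from another host.
    $xml = simplexml_load_string($xmlString, 'SimpleXMLElement', LIBXML_NONET);
    if ($xml === false) {
        $errors = array_map(fn($e) => trim($e->message), libxml_get_errors());
        libxml_clear_errors();
        return null;
    }
    $events = [];
    foreach ($xml->Event as $event) {
        $events[] = eventToArray($event);
    }
    return $events;
}

$events = parseEvents($xmlString, $errors);
if ($events === null) {
    fwrite(STDERR, "XML parse failed:\n  " . implode("\n  ", $errors) . "\n");
    exit(1);
}
foreach ($events as $row) {
    $d = $row['EventData'];
    printf("[%s] %s event %d record %d on %s\n",
        $row['TimeCreated'], $row['Channel'], $row['EventID'], $row['EventRecordID'], $row['Computer']);
    printf("  subject: %s (%s)\n", $d['SubjectUserName'] ?? '-', $d['SubjectUserSid'] ?? '-');
    printf("  process: %s (pid %s) object: %s\n",
        $d['ProcessName'] ?? '-', $d['ProcessId'] ?? '-', $d['ObjectName'] ?? '-');
}
```

Run it with `php events.php`. The `??` fallbacks matter because different event IDs carry different Data names, so a script that assumes a fixed set of keys will emit warnings on the first event of another type; the parse-error branch matters because an export copied from another machine is input you did not produce, and a malformed or truncated file should fail loudly rather than yield an empty event list.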



Source: https://stackoverflow.com/questions/30517516/how-to-read-xml-microsoft-event-logs-with-php
