如何使用PHP读取XML Microsoft事件日志 [英] How to Read XML Microsoft Event Logs with PHP

问题描述

这是我第一次尝试将XML与php一起使用。我想做的是找到编码，以读取从Windows事件查看器导出的XML日志。我认为儿童部分存在问题，并正在学习如何阅读2秒。现在，我使用的是我在php网站上找到的一段代码，并且仍在对其进行测试。

This is my First Attempt as using XML with php. what i am trying to do is find the coding to read the XML logs exported from Windows event Viewer. and i think im having issue with the Children part and learning how to read the 2 sectons. now im using a peice of code i found from the php website and still just testing it.

我可以从系统部分读取信息，但不能从下一个子EventData中读取信息

i can read the info from the System section but not from the next child EventData.

预先感谢您的所有帮助

<?php
$xml = simplexml_load_file("admin/xml/events.xml") or die("Error: Cannot create object");
if(!$xml){
    echo "No Go!";
    br();
}
else{
    echo "Good To Go!";
    br();
}

foreach ($xml->children() as $second_gen) {

    foreach ($second_gen->children() as $third_gen) {
        echo ' who begot a ' . $third_gen->EventID . ';';br();


   }
   foreach ($second_gen->children() as $fourth_gen->EventData) {
            echo ' and that ' . $fourth_gen->EventID .
                ' begot a ' . $fourth_gen->Data['SubjectUserSid'];br();
        }
}
?>

这是我的XML

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<Events>
    <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
        <System>
            <Provider Name='Microsoft-Windows-Security-Auditing' Guid='{54849625-5478-4994-a5ba-3e3b0328c30d}'/>
            <EventID>4656</EventID>
            <Version>0</Version>
            <Level>0</Level>
            <Task>12804</Task>
            <Opcode>0</Opcode>
            <Keywords>0x8020000000000000</Keywords>
            <TimeCreated SystemTime='2015-04-06T19:54:07.248Z'/>
            <EventRecordID>6426</EventRecordID>
            <Correlation/>
            <Execution ProcessID='4' ThreadID='88'/>
            <Channel>Security</Channel>
            <Computer>CCS03.clearcreek.local</Computer>
            <Security/>
        </System>
        <EventData>
            <Data Name='SubjectUserSid'>S-1-5-18</Data>
            <Data Name='SubjectUserName'>CCS03$</Data>
            <Data Name='SubjectDomainName'>CLEARCREEK0</Data>
            <Data Name='SubjectLogonId'>0x3e7</Data>
            <Data Name='ObjectServer'>PlugPlayManager</Data>
            <Data Name='ObjectType'>Security</Data>
            <Data Name='ObjectName'>PlugPlaySecurityObject</Data>
            <Data Name='HandleId'>0x0</Data>
            <Data Name='TransactionId'>{00000000-0000-0000-0000-000000000000}</Data>
            <Data Name='AccessList'>%%1553</Data>
            <Data Name='AccessMask'>0x2</Data>
            <Data Name='PrivilegeList'>-</Data>
            <Data Name='RestrictedSidCount'>0</Data>
            <Data Name='ProcessId'>0x394</Data>
            <Data Name='ProcessName'>C:\Windows\System32\svchost.exe</Data>
        </EventData>
    </Event>
</Events>

推荐答案

如果您仍在考虑推送数据，我认为发布的代码中的问题是迭代，您应该对事件列表进行迭代，但是在内部您可以通过$ second_gen-> System和$ second_gen-> EventData直接访问系统和数据，请参见velos和示例：

If you are still thinking push your data, I think the problem in the code you posted is the iteration, you should iterate the events list as you already have but inside you can access to system and data directly as $second_gen->System and $second_gen->EventData, see velos and example:

foreach ($xml->children() as $second_gen) {
// access to variable $second_gen->System and its properties
echo 'system: ' + $second_gen->System->EventID

// also you can access to data section 
echo 'data: ' + $second_gen->EventData->ProcessID

}

这篇关于如何使用PHP读取XML Microsoft事件日志的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！