@echo off setlocal EnableDelayedExpansion date/t >> c:windows3389log.txt set lflag=nolog set rip=0.0.0.0 :TS3389 ping -n 10 -w 500 0.0.0.1>nul for /f "tokens=4 delims=: " %%a in ('netstat -an ^| find "3389" ^|find "ESTABLISHED"') do set lrip=%%a if "%lrip%" == "!rip!" goto :TS3389 netstat -an | find "3389" |find "ESTABLISHED"&&set lflag=log if "%lflag%" == "log" ( for /f "tokens=4 delims=: " %%a in ('netstat -an ^| find "3389" ^|find "ESTABLISHED"') do set rip=%%a set lflag=nolog time/t >> c:windows3389log.txt netstat -an | find "3389" |find "ESTABLISHED">> c:windows3389log.txt ) goto :TS3389
Windows自带没什么安全记录远程桌面登陆的时间和ip信息,所以写了个批处理。默认保存日志到c:windows3389log.txt
,监控端口是3389,有兴趣大家根据实际情况自己改下!
转载请注明:爱开源 » 3389安全记录批处理