最新消息:

3389安全记录批处理

windows admin 2889浏览 0评论
@echo off
 setlocal EnableDelayedExpansion
 date/t >> c:windows3389log.txt
 set lflag=nolog
 set rip=0.0.0.0
 :TS3389
 ping -n 10 -w 500 0.0.0.1>nul
 for /f "tokens=4 delims=: " %%a in ('netstat -an ^| find "3389" ^|find "ESTABLISHED"') do set lrip=%%a
 if "%lrip%" == "!rip!" goto :TS3389
 netstat -an | find "3389" |find "ESTABLISHED"&&set lflag=log
 if "%lflag%" == "log" (
     for /f "tokens=4 delims=: " %%a in ('netstat -an ^| find "3389" ^|find "ESTABLISHED"') do set rip=%%a
     set lflag=nolog
     time/t >> c:windows3389log.txt
     netstat -an | find "3389" |find "ESTABLISHED">> c:windows3389log.txt
 )

goto :TS3389

Windows自带没什么安全记录远程桌面登陆的时间和ip信息,所以写了个批处理。默认保存日志到c:windows3389log.txt
,监控端口是3389,有兴趣大家根据实际情况自己改下!

转载请注明:爱开源 » 3389安全记录批处理

您必须 登录 才能发表评论!