@echo off
setlocal EnableDelayedExpansion
date/t >> c:windows3389log.txt
set lflag=nolog
set rip=0.0.0.0
:TS3389
ping -n 10 -w 500 0.0.0.1>nul
for /f "tokens=4 delims=: " %%a in ('netstat -an ^| find "3389" ^|find "ESTABLISHED"') do set lrip=%%a
if "%lrip%" == "!rip!" goto :TS3389
netstat -an | find "3389" |find "ESTABLISHED"&&set lflag=log
if "%lflag%" == "log" (
for /f "tokens=4 delims=: " %%a in ('netstat -an ^| find "3389" ^|find "ESTABLISHED"') do set rip=%%a
set lflag=nolog
time/t >> c:windows3389log.txt
netstat -an | find "3389" |find "ESTABLISHED">> c:windows3389log.txt
)
goto :TS3389
Windows自带没什么安全记录远程桌面登陆的时间和ip信息,所以写了个批处理。默认保存日志到c:windows3389log.txt
,监控端口是3389,有兴趣大家根据实际情况自己改下!
转载请注明:爱开源 » 3389安全记录批处理