catching Windows Audit Failure Events in Java

Question

I have posted recently same question, but not answered. Now I will explain what i want...

there is an Audit Failure event in windows id: 4625, it is fired when wrong password is entered in windows log on screen, I want to capture that specific event in my java application. I have googled so many times but not found any answer.

I found another way that, in Event Policy setting of windows, I search for Audit Failure Event, than I attach task to that event manually, so whenever that event occurs, schedule task runs my program (which is attached to that Audit Failure Event).

I want that, can i catch that event in java OR is it possible to add entry programmatic-ally in schedule task that runs my task whenever Audit Failure Event is occurred.

Any help will be appreciated, I am in this situation for 1 year and didn't found any solution..

thanks

Answer 1

From what I can tell, the Windows Event Log is a text file. It looks like this is a description of the file format: http://msdn.microsoft.com/en-us/library/windows/desktop/bb309026%28v=vs.85%29.aspx

You might be able to do it using an existing windows library or tool. For instance Microsoft's Log Parser - http://www.microsoft.com/download/en/details.aspx?id=24659

Alternatively, it looks like it wouldn't be hard to write a parser in pure Java.

To capture the events as they happen, you could write a file watcher in Java that either captures file change notifications (see Java 7 the FileWatcher class) or "tails" the file (see the Apache commons FileTailer class).