 
PerlMonks  

Monitoring Windows Registry Changes

by Eustaquio (Novice)
on Aug 03, 2001 at 17:18 UTC ( #101966=perlquestion )
Eustaquio has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks: I'm in charge of a security project that needs to monitor Windows Registry changes. How can I do it in Perl? Thanks in advance. Eustaquio - jeustaqi@net.em.com.br

Re: Monitoring Windows Registry Changes
by c-era (Curate) on Aug 03, 2001 at 17:21 UTC
    I would create a Windows service that on boot would make a copy of the registry (keys and values). Then every hour (or whatever resolution you need), I would have it scan the registry and look for differences, and have the script e-mail a report. Take a look at the Win32::Registry and Win32::Daemon from Roth Consulting (which appears to be down right now).
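
The snapshot-and-compare approach c-era describes, as an added example that is not part of any reply in this thread. The watched key and the baseline file name are assumptions chosen for illustration; e-mailing the report and running the script as a service or scheduled task are left out.

```perl
#!/usr/bin/perl
# Added example (Windows only): snapshot a registry subtree and diff it
# against the snapshot saved by the previous run.
use strict;
use warnings;
use Win32::TieRegistry;                 # exports $Registry; delimiter is "\"
use Win32API::Registry qw(KEY_READ);    # read-only access is enough
use Storable qw(nstore retrieve);

# Assumed values for illustration, not from the thread.
my $WATCH    = 'LMachine\Software\Microsoft\Windows\CurrentVersion\Run';
my $BASELINE = 'registry-baseline.sto';

# Record every value under $key as "key path :: value name" => "type:data".
sub snapshot {
    my ($key, $path, $snap) = @_;
    for my $name ($key->ValueNames) {
        my ($data, $type) = $key->GetValue($name);
        next unless defined $type;                           # value vanished mid-scan
        $data = join "\0", @$data if ref $data eq 'ARRAY';   # multi-string value
        $snap->{"$path :: $name"} = "$type:" . (defined $data ? $data : '');
    }
    for my $sub ($key->SubKeyNames) {
        my $child = $key->Open($sub, { Access => KEY_READ() });
        if ($child) { snapshot($child, "$path\\$sub", $snap) }
        else        { $snap->{"$path\\$sub :: <key>"} = 'unreadable' }
    }
    return $snap;
}

# Compare two snapshots and say what changed, not just that something did.
sub diff_snapshots {
    my ($old, $new) = @_;
    my @report;
    for my $k (sort keys %$new) {
        if    (!exists $old->{$k})       { push @report, "ADDED   $k" }
        elsif ($old->{$k} ne $new->{$k}) { push @report, "CHANGED $k" }
    }
    push @report, map { "REMOVED $_" } grep { !exists $new->{$_} } sort keys %$old;
    return @report;
}

my $root = $Registry->Open($WATCH, { Access => KEY_READ() })
    or die "cannot open $WATCH: $^E\n";
my $now = snapshot($root, $WATCH, {});
if (-e $BASELINE) {
    print "$_\n" for diff_snapshots(retrieve($BASELINE), $now);
}
nstore($now, $BASELINE);    # this run becomes the next baseline
```

The baseline file should be stored where the accounts being monitored cannot write to it, otherwise a change can be hidden by editing the baseline.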
Re: Monitoring Windows Registry Changes
by joefission (Monk) on Aug 03, 2001 at 17:39 UTC
    Depends on what depth you need to monitor. Do you need to know if there was a change? Do you need to know what the change was?

    I'd play with Win32::TieRegistry, especially the

    $key->RegNotifyChangeKeyValue( $bWatchSubtree, $iNotifyFilter, $hEvent, $bAsync );

    section.

    You could also turn on Auditing on the registry and monitor the Event Logs, hopefully leveraging any existing Event Log Security monitoring you may have (using Win32::EventLog, of course :)

    c-era has good suggestions. The only thing I can add is you could run the monitor via mstask (scheduler).

Re: Monitoring Windows Registry Changes
by tachyon (Chancellor) on Aug 03, 2001 at 18:01 UTC

    Hi, this is not a Perl solution, but a program called Regmon works very well. You can find the site here: http://www.winternals.com/products/monitoringtools/monitoringtools.asp Sorry, they do charge, but they do have a free demo and, well, you know.

    Why reinvent this wheel, then again why not :-)

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

      Yep, it's good software. The free version is available at Sysinternals. Lots of other good software there too, and a lot of it comes with source code included.

      Error: Keyboard not attached. Press F1 to continue.

      Update: corrected grammar!

        Top link $code or die, nice explanation of the behind-the-scenes workings of this program.

        cheers

        tachyon

        s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print
