Original work from www.safe3.cn; please credit the source when reposting.

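@echo off
setlocal EnableDelayedExpansion
rem Write the start date to the log.
date/t >> c:\windows\3389log.txt
set lflag=nolog
set rip=0.0.0.0
:TS3389
rem Pause between polls (ping is used as a delay).
ping -n 10 -w 500 0.0.0.1>nul
rem Clear the last result so a closed session is not mistaken for a live one.
set "lrip="
rem ":3389 " matches the port exactly, not e.g. 33890. Token 4 is the remote IP.
for /f "tokens=4 delims=: " %%a in ('netstat -an ^| find ":3389 " ^| find "ESTABLISHED"') do set lrip=%%a
rem No established connection: forget the last peer so a reconnect is logged again.
if not defined lrip (
    set rip=0.0.0.0
    goto :TS3389
)
rem Same peer as the one already logged: nothing new to record.
if "%lrip%" == "!rip!" goto :TS3389
netstat -an | find ":3389 " | find "ESTABLISHED"&&set lflag=log
if "%lflag%" == "log" (
    rem Remember the peer, then append the time and the matching netstat lines.
    for /f "tokens=4 delims=: " %%a in ('netstat -an ^| find ":3389 " ^| find "ESTABLISHED"') do set rip=%%a
    set lflag=nolog
    time/t >> c:\windows\3389log.txt
    netstat -an | find ":3389 " | find "ESTABLISHED">> c:\windows\3389log.txt
)

goto :TS3389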

 

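Windows does not come with much of a security record of the time and IP of Remote Desktop logons, so I wrote a batch script. By default it saves the log to c:\windows\3389log.txt and monitors port 3389; if you are interested, change it to suit your own setup!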
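
The same polling idea in PowerShell, as an added example that is not the original author's code. It goes beyond the batch script by tracking every remote endpoint (not only the last one), matching the local port exactly, and handling IPv6 lines. The helper names Get-RdpPeer and Compare-RdpSnapshot are hypothetical, and the netstat lines are constructed sample data using documentation addresses.

```powershell
# Added example; Get-RdpPeer and Compare-RdpSnapshot are hypothetical helper names.
$Port = 3389   # monitored port, as in the batch script

function Get-RdpPeer {
    # Parse `netstat -an` text and return the remote endpoint of every ESTABLISHED
    # TCP connection whose LOCAL port is $Port (IPv4 and IPv6).
    param([string[]]$NetstatLines, [int]$Port = 3389)
    foreach ($line in $NetstatLines) {
        $f = -split $line   # columns: Proto, Local Address, Foreign Address, State
        if ($f.Count -ge 4 -and $f[0] -eq 'TCP' -and $f[3] -eq 'ESTABLISHED' -and
            $f[1].EndsWith(":$Port")) {
            $f[2]
        }
    }
}

function Compare-RdpSnapshot {
    # Endpoints present now but not in the previous poll are new connections.
    param([string[]]$Previous, [string[]]$Current)
    foreach ($peer in $Current) {
        if ($Previous -notcontains $peer) { $peer }
    }
}

# Constructed sample data: four successive polls, using documentation addresses.
# The 203.0.113.5:3389 line is an outbound connection and must be ignored.
$polls = @(
    @('  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING'),
    @('  TCP    192.0.2.10:3389        198.51.100.7:50123     ESTABLISHED',
      '  TCP    192.0.2.10:49712       203.0.113.5:3389       ESTABLISHED',
      '  TCP    [2001:db8::10]:3389    [2001:db8::99]:50200   ESTABLISHED'),
    @('  TCP    192.0.2.10:3389        198.51.100.7:50123     ESTABLISHED'),
    @('  TCP    192.0.2.10:3389        198.51.100.7:50123     ESTABLISHED',
      '  TCP    192.0.2.10:3389        198.51.100.7:50999     ESTABLISHED')
)

$seen = @()
foreach ($poll in $polls) {
    $now = @(Get-RdpPeer -NetstatLines $poll -Port $Port)
    foreach ($peer in (Compare-RdpSnapshot -Previous $seen -Current $now)) {
        # Live use: pipe this line to Add-Content instead of writing it to the host.
        '{0:yyyy-MM-dd HH:mm:ss} new connection to port {1} from {2}' -f (Get-Date), $Port, $peer
    }
    $seen = $now
}
```

To run it live, replace the constructed $polls loop with a `while ($true)` loop that passes the output of `netstat -an` to Get-RdpPeer and calls Start-Sleep between polls.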

 
