Link to home
Start Free TrialLog in
Avatar of dbeckwitt
dbeckwitt

asked on

Windows XP Event Log export/copy

I'm looking for a way to generate an export or copy of windows XP event log data via a batch file.  Copying seems to corrupt the file (presumably because it is an open file), and I will not be present at the PC to export manually.

any ideas would be appreciated.
Avatar of sirbounty
sirbounty
Flag of United States of America image

There's several scripting methods located here: http://www.microsoft.com/technet/scriptcenter/resources/qanda/events.mspx
I know of no way with batch scripting...
Avatar of yessirnosir
yessirnosir

Are you just trying to archive the logs for occasional access?  If that is the goal, one easy solution would be to use backup software on a schedule.  Even the built-in ntbackup tool should do the job; it uses volume shadow copy to get around the open file problem.   To view the files, you would have to restore them as a second step, although I image that could also be automated and scheduled.  
Yes I  played arouynd with this oneday wondering how I could save them too, I found an easy that works too.
open one of the errors
control panel administrative tools event errors>applications
 by double clicking an error to open the panel then look over to the right see the little white icon below teh down arrow click on that that copies it. then paste it into here or word etc.
In the Action button export list.

Here is proof it works by left clicking that littler white icon.

Event Type:      Information
Event Source:      SecurityCenter
Event Category:      None
Event ID:      1800
Date:            21/11/2006
Time:            7:23:33 AM
User:            N/A
Computer:      USER
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

or r/click applications in the left coloumn and save  logfile as  or export list
ASKER CERTIFIED SOLUTION
Avatar of hughtwg
hughtwg

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
hughtwg rocks!
this isn't even my thread, but that script was really educational for me.  thanks hughtwg!  The script worked first time with no modification on my system (other than creating the D:\eventlogs folder)

as I was learning how your script worked, I came across this reference that helped me understand it.  http://www.microsoft.com/technet/scriptcenter/guide/sas_log_pcna.mspx?mfr=true
there is a good explanation in there of why you can't just copy an event log; you have to use the "Event Log Backup API"
Glad I could help. Hopefully dbeckwitt will find it useful also. ;)

-Hugh
hughtwg certainly has (imo) the best automated solution, though there were other likely solutions as well, depending on what the author was trying to accomplish.  The link I posted has scripts that will only pull out a certain date range or specified error/warning type...
I'd say all points to hughtwg...
If everyone was as easy to get along with and as helpful as you guys, cleanup would be a breeze, if not completely unnecessary. Thanks for the help guys, as per your recommendations I'm going to recommend hughtwg