• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 266
  • Last Modified:

Backing Up Event Logfiles On Windows NT

A client needs their NT server to have its event logfiles (Application, System, and Security) backed up to a remote server.  I was given a .vbs script, plus an executable to put in the same folder as the script file, which provided the WScript object.  The script was written for Windows 2000, and doesn't work on NT.  The script is as follows:

On Error Resume Next


If WScript.Arguments.Count = 2 Then
    sLogName = WScript.Arguments.Item(0)
    sBackupName = GetCurrentFolder() & WScript.Arguments.Item(1)
Else
    WScript.Echo "Two arguments required: LogName BackupFileName"
    WScript.Quit
End If


Set cLogFile = GetObject("WinMgmts:{(Backup,Security)}!root/cimv2").ExecQuery("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName = " & "'" & sLogName & "'")
Call CatchAnyErrorsAndQuit("Problem connecting to WMI service on target.")


For Each oEntry In cLogfile
    bFlag = oEntry.BackupEventlog(sBackupName)

    If bFlag = 0 Then
        WScript.Echo "Log successfully backed up to " & sBackupName
        bFlag2 = oEntry.ClearEventlog()
        If bFlag2 = 0 Then
            WScript.Echo "Log successfully cleared."
        Else
            WScript.Echo "Log NOT cleared!"
        End If
    Else
        WScript.Echo "Error! Log not cleared and log not backed up!"
    End If
Next


Function GetCurrentFolder()
     strFN = WScript.ScriptFullName
     GetCurrentFolder = Left(strFN, InstrRev(strFN, "\"))
End Function


Sub CatchAnyErrorsAndQuit(msg)
     If Err.Number <> 0 Then
          sOutput = vbCrLf
          sOutput = sOutput &  "ERROR:             " & msg & vbCrLf
          sOutput = sOutput &  "Error Number:      " & Err.Number & vbCrlf
          sOutput = sOutput &  "Error Description: " & Err.Description & vbCrLf
          sOutput = sOutput &  "Error Source:      " & Err.Source & vbCrLf
          sOutput = sOutput &  "Script Name:       " & WScript.ScriptName & vbCrLf
          sOutput = sOutput &  vbCrLf
         
        WScript.Echo sOutput
          WScript.Quit Err.Number
     End If
End Sub

The script is functioning - if I run it from the command line I get the apprapriate error message - but the line

Set cLogFile = GetObject("WinMgmts:{(Backup,Security)}!root/cimv2").ExecQuery("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName = " & "'" & sLogName & "'")

creates an error, starting with -214 (I'm at home today and don't have access to it), which has no Description associated with it. It appears that at least one problem is that in NT the default workspace (correct?) isn't root/cimv2.  I looked in NT in regedit and couldn't find that, or indeed the Software/Microsoft/IBEM(from memory - probably wrong) folder, or any reference to root/cimv2.

What I would like from someone:
1) How do I tweak the above line to make the script run in NT?
2) The script takes 2 arguments - type and name, and automatically puts the backup in the folder the script is in (at least I think it will, when I can make it work). Should the first argument be "Security", for the security log, or should it be SecEvents.evt, the name of the actual logfile?  For the second argument, to put the backup on a remote machine, can I just set sBackupName to the path:
sBackupName = "\\ComputerName\Backups\Filename.txt"
3)  This process needs to be done for security, system, and application files.  I want to put this all in one VB program, so I don't have to call an external script. How do I do this (apart from declaring variables)?  Do I make a project reference to the Scripting Library, then declare/set a reference to WScript? Syntax?  What else do I have to do to tweak the VBSript to make it run in VB?
4) The client wants this to be scheduled (I believe daily). Does this change the requirements of the program? Would you recommend a separate logfile output each time the program is run?

Thanks a lot in advance.  
0
pbleighton
Asked:
pbleighton
1 Solution
 
bonzaiCommented:
Hi


it looks like the WMI (Windows Management instrumentation) is not installed, because the WMI query fails.

download it @ http://msdn.microsoft.com/library/default.asp?url=/downloads/list/wmi.asp

greets
Bonzai

0
 
pbleightonAuthor Commented:
Bonzai - thanks -
There are 4 downloads - should I do
Windows Management Instrumentation (WMI) CORE 1.5
and
Windows Management Instrumentation?

They are both Ok on NT?
0
 
Glen A.IT Project ManagerCommented:
I concur with bonzai, you need to install the wmi core components for NT.

There's only one file you need, and that's the core component.  Download for wmi for different os's is available here:

http://msdn.microsoft.com/downloads/default.asp?url=/downloads/sample.asp?url=/msdn-files/027/001/576/msdncompositedoc.xml

Then click on the link for Windows NT, accept the agreement and you're sent to another page.  That should be what you need to d/l.

Glen
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
pbleightonAuthor Commented:
Thanks folks - worked fine!
I'd like to split the points - can I do this and how?
0
 
moduloCommented:
Changed 200 points into 110 as requested by:
http://www.experts-exchange.com/Community_Support/Q_20546643.html

modulo

Community Support Moderator
Experts Exchange
0
 
pbleightonAuthor Commented:
Awarded 110 points to bonzai, and 110 points for AlbertaBeef is at
http://www.experts-exchange.com/Programming/Programming_Languages/Visual_Basic/Q_20547804.html
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now