Backing Up Event Logfiles On Windows NT

Posted on 2003-03-07
Medium Priority
Last Modified: 2012-08-14
A client needs their NT server to have its event logfiles (Application, System, and Security) backed up to a remote server.  I was given a .vbs script, plus an executable to put in the same folder as the script file, which provided the WScript object.  The script was written for Windows 2000, and doesn't work on NT.  The script is as follows:

On Error Resume Next

' Expect exactly two arguments: the log name and the backup file name.
If WScript.Arguments.Count = 2 Then
    sLogName = WScript.Arguments.Item(0)
    sBackupName = GetCurrentFolder() & WScript.Arguments.Item(1)
Else
    WScript.Echo "Two arguments required: LogName BackupFileName"
    WScript.Quit 1
End If

Set cLogFile = GetObject("WinMgmts:{(Backup,Security)}!root/cimv2").ExecQuery("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName = " & "'" & sLogName & "'")
Call CatchAnyErrorsAndQuit("Problem connecting to WMI service on target.")

' Back up each matching log; clear it only if the backup succeeded.
For Each oEntry In cLogFile
    bFlag = oEntry.BackupEventlog(sBackupName)

    If bFlag = 0 Then
        WScript.Echo "Log successfully backed up to " & sBackupName
        bFlag2 = oEntry.ClearEventlog()
        If bFlag2 = 0 Then
            WScript.Echo "Log successfully cleared."
        Else
            WScript.Echo "Log NOT cleared!"
        End If
    Else
        WScript.Echo "Error! Log not cleared and log not backed up!"
    End If
Next

Function GetCurrentFolder()
     strFN = WScript.ScriptFullName
     GetCurrentFolder = Left(strFN, InstrRev(strFN, "\"))
End Function

Sub CatchAnyErrorsAndQuit(msg)
     If Err.Number <> 0 Then
          sOutput = vbCrLf
          sOutput = sOutput &  "ERROR:             " & msg & vbCrLf
          sOutput = sOutput &  "Error Number:      " & Err.Number & vbCrlf
          sOutput = sOutput &  "Error Description: " & Err.Description & vbCrLf
          sOutput = sOutput &  "Error Source:      " & Err.Source & vbCrLf
          sOutput = sOutput &  "Script Name:       " & WScript.ScriptName & vbCrLf
          sOutput = sOutput &  vbCrLf
        WScript.Echo sOutput
          WScript.Quit Err.Number
     End If
End Sub

The script is functioning - if I run it from the command line I get the appropriate error message - but the line

Set cLogFile = GetObject("WinMgmts:{(Backup,Security)}!root/cimv2").ExecQuery("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName = " & "'" & sLogName & "'")

creates an error, starting with -214 (I'm at home today and don't have access to it), which has no Description associated with it. It appears that at least one problem is that in NT the default workspace (correct?) isn't root/cimv2.  I looked in NT in regedit and couldn't find that, or indeed the Software/Microsoft/IBEM(from memory - probably wrong) folder, or any reference to root/cimv2.

What I would like from someone:
1) How do I tweak the above line to make the script run in NT?
2) The script takes 2 arguments - type and name, and automatically puts the backup in the folder the script is in (at least I think it will, when I can make it work). Should the first argument be "Security", for the security log, or should it be SecEvents.evt, the name of the actual logfile?  For the second argument, to put the backup on a remote machine, can I just set sBackupName to the path:
sBackupName = "\\ComputerName\Backups\Filename.txt"
3)  This process needs to be done for security, system, and application files.  I want to put this all in one VB program, so I don't have to call an external script. How do I do this (apart from declaring variables)?  Do I make a project reference to the Scripting Library, then declare/set a reference to WScript? Syntax?  What else do I have to do to tweak the VBScript to make it run in VB?
4) The client wants this to be scheduled (I believe daily). Does this change the requirements of the program? Would you recommend a separate logfile output each time the program is run?

Thanks a lot in advance.  
Question by:pbleighton

Accepted Solution

bonzai earned 440 total points
ID: 8094034

It looks like the WMI (Windows Management Instrumentation) is not installed, because the WMI query fails.

Download it at http://msdn.microsoft.com/library/default.asp?url=/downloads/list/wmi.asp



Author Comment

ID: 8094967
Bonzai - thanks -
There are 4 downloads - should I do
Windows Management Instrumentation (WMI) CORE 1.5
Windows Management Instrumentation?

They are both Ok on NT?
LVL 13

Expert Comment

ID: 8096336
I concur with bonzai, you need to install the WMI core components for NT.

There's only one file you need, and that's the core component.  Download for WMI for different OSes is available here:


Then click on the link for Windows NT, accept the agreement and you're sent to another page.  That should be what you need to d/l.




Author Comment

ID: 8106647
Thanks folks - worked fine!
I'd like to split the points - can I do this and how?

Expert Comment

ID: 8114662
Changed 200 points into 110 as requested by:


Community Support Moderator
Experts Exchange

Author Comment

ID: 8119533
Awarded 110 points to bonzai, and 110 points for AlbertaBeef is at
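
An added example, not code from this thread: one script that archives the Application, System, and Security logs through WMI, reports a missing WMI install explicitly, and clears a log only after its archive is confirmed on the remote share. The local staging folder, the dated file names, and the stage-then-copy approach are assumptions of this example; the share path is the one used in the question.

```vbscript
' Added example: archive the three NT event logs via WMI, copy to a share, then clear.
Option Explicit
Const LOCAL_DIR = "C:\EvtBackup\"              ' assumed local staging folder (must exist)
Const REMOTE_DIR = "\\ComputerName\Backups\"   ' share path taken from the question

Dim oWmi, oFso, sLog, sStamp, sFile, cLogs, oLog, rc
Set oFso = CreateObject("Scripting.FileSystemObject")

' Connecting raises an error when WMI core is not installed (the NT case in this thread).
On Error Resume Next
Set oWmi = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\.\root\cimv2")
If Err.Number <> 0 Then
    WScript.Echo "Cannot connect to WMI (0x" & Hex(Err.Number) & "). Is WMI core installed?"
    WScript.Quit 1
End If
On Error GoTo 0

' One dated file per run so a daily schedule never overwrites an earlier archive.
sStamp = Year(Now) & Right("0" & Month(Now), 2) & Right("0" & Day(Now), 2)

For Each sLog In Array("Application", "System", "Security")
    Set cLogs = oWmi.ExecQuery("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName = '" & sLog & "'")
    For Each oLog In cLogs
        sFile = sLog & "_" & sStamp & ".evt"
        rc = oLog.BackupEventlog(LOCAL_DIR & sFile)
        If rc <> 0 Then
            WScript.Echo sLog & ": backup failed, code " & rc & "; log left intact"
        ElseIf Not CopyVerified(LOCAL_DIR & sFile, REMOTE_DIR & sFile) Then
            WScript.Echo sLog & ": remote copy not verified; log left intact"
        ElseIf oLog.ClearEventlog() <> 0 Then
            WScript.Echo sLog & ": archived to " & REMOTE_DIR & sFile & " but NOT cleared"
        Else
            WScript.Echo sLog & ": archived to " & REMOTE_DIR & sFile & " and cleared"
        End If
    Next
Next

' Copies the archive and confirms the remote file exists with the same size.
Function CopyVerified(sSrc, sDst)
    CopyVerified = False
    On Error Resume Next
    oFso.CopyFile sSrc, sDst, False          ' False = never overwrite an existing archive
    If Err.Number = 0 And oFso.FileExists(sDst) Then
        CopyVerified = (oFso.GetFile(sSrc).Size = oFso.GetFile(sDst).Size)
    End If
    On Error GoTo 0
End Function
```

Run it under cscript.exe when scheduling so that WScript.Echo writes to the console instead of opening message boxes.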

Question has a verified solution.
