Solved

how to save a copy of Event Logs then clear it??

Posted on 2004-10-10
5
316 Views
Last Modified: 2010-04-19
hi guys,

I am looking for a script that would save a copy of the event logs using the currne date as the name such as Seclog091004 and save it in a specific location if possible.

I am running Windows Server 2003.

where can I find it?

thanks guys
0
Comment
Question by:mjalmassud
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:mdiglio
ID: 12272344
Hello,
Here is a script from ms technet

'!!!Begin Copy
'replace the "." below if this script will run on a remote machine with the name of the server
'Also change the word Application (7 and 17 lines below to match the event log)

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Backup)}!\\" & _
        strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName='Application'")

'manipulate the date from 01/02/04 to 01_02_04
strtext = Date
strRepl ="_"
strUnwanted ="/"
strText2 = Replace(strText, strUnwanted ,  strRepl)
strReplace = strText2

For Each objLogfile in colLogFiles
    errBackupLog = objLogFile.BackupEventLog("c:\" & strReplace & "application.evt")
    If errBackupLog <> 0 Then
'I have remed out the line below. You can take the apostrophe away if you would like
' notification if it fails      
        'Wscript.Echo "The Application event log could not be backed up."
    Else
        objLogFile.ClearEventLog()
    End If
Next

'!!!End Copy
0
 
LVL 1

Author Comment

by:mjalmassud
ID: 12272690
mdiglio,

thanks a lot for taking the time trying to help me.

Could you please make it easier and make it work for a server named mj_server
With “SecDate” as the name of Security log file as an example that the script will save.

Thanks a lot for the help man

0
 
LVL 16

Accepted Solution

by:
mdiglio earned 500 total points
ID: 12273722
This will create a file named Sec(%date%).evt on the root of your C drive
copy the text below into a notepad file and save it with a .vbs extension

Also, before you test this script out please backup your event log manually

'!!!Begin Copy
strComputer = "mj_server"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
        & strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName ='Security'")
'manipulate the date from 01/02/04 to 01_02_04
strtext = Date
strRepl ="_"
strUnwanted ="/"
strText2 = Replace(strText, strUnwanted ,  strRepl)
strFile = "C:\Sec" & strText2 & ".evt"

For Each objLogFile In colLogFiles
       strBackupLog = objLogFile.BackupEventLog _
           (strFile)
       objLogFile.ClearEventLog()
Next
'!!!End Copy
0
 
LVL 1

Author Comment

by:mjalmassud
ID: 12273746
I love you mdiglio.

thank you so much man
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 12276099
no problem, glad you got it working.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
A quick step-by-step overview of installing and configuring Carbonite Server Backup.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question