Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

how to save a copy of Event Logs then clear it??

Posted on 2004-10-10
5
Medium Priority
?
320 Views
Last Modified: 2010-04-19
hi guys,

I am looking for a script that would save a copy of the event logs using the currne date as the name such as Seclog091004 and save it in a specific location if possible.

I am running Windows Server 2003.

where can I find it?

thanks guys
0
Comment
Question by:mjalmassud
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:mdiglio
ID: 12272344
Hello,
Here is a script from ms technet

'!!!Begin Copy
'replace the "." below if this script will run on a remote machine with the name of the server
'Also change the word Application (7 and 17 lines below to match the event log)

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Backup)}!\\" & _
        strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName='Application'")

'manipulate the date from 01/02/04 to 01_02_04
strtext = Date
strRepl ="_"
strUnwanted ="/"
strText2 = Replace(strText, strUnwanted ,  strRepl)
strReplace = strText2

For Each objLogfile in colLogFiles
    errBackupLog = objLogFile.BackupEventLog("c:\" & strReplace & "application.evt")
    If errBackupLog <> 0 Then
'I have remed out the line below. You can take the apostrophe away if you would like
' notification if it fails      
        'Wscript.Echo "The Application event log could not be backed up."
    Else
        objLogFile.ClearEventLog()
    End If
Next

'!!!End Copy
0
 
LVL 1

Author Comment

by:mjalmassud
ID: 12272690
mdiglio,

thanks a lot for taking the time trying to help me.

Could you please make it easier and make it work for a server named mj_server
With “SecDate” as the name of Security log file as an example that the script will save.

Thanks a lot for the help man

0
 
LVL 16

Accepted Solution

by:
mdiglio earned 2000 total points
ID: 12273722
This will create a file named Sec(%date%).evt on the root of your C drive
copy the text below into a notepad file and save it with a .vbs extension

Also, before you test this script out please backup your event log manually

'!!!Begin Copy
strComputer = "mj_server"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
        & strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName ='Security'")
'manipulate the date from 01/02/04 to 01_02_04
strtext = Date
strRepl ="_"
strUnwanted ="/"
strText2 = Replace(strText, strUnwanted ,  strRepl)
strFile = "C:\Sec" & strText2 & ".evt"

For Each objLogFile In colLogFiles
       strBackupLog = objLogFile.BackupEventLog _
           (strFile)
       objLogFile.ClearEventLog()
Next
'!!!End Copy
0
 
LVL 1

Author Comment

by:mjalmassud
ID: 12273746
I love you mdiglio.

thank you so much man
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 12276099
no problem, glad you got it working.
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Screencast - Getting to Know the Pipeline
Suggested Courses

598 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question