asked on

how to save a copy of Event Logs then clear it??

hi guys,

I am looking for a script that would save a copy of the event logs using the currne date as the name such as Seclog091004 and save it in a specific location if possible.

I am running Windows Server 2003.

where can I find it?

thanks guys

mdiglio

Hello,
Here is a script from ms technet

'!!!Begin Copy
'replace the "." below if this script will run on a remote machine with the name of the server
'Also change the word Application (7 and 17 lines below to match the event log)

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Backup)}!\\" & _
strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile where LogFileName='Application'")

'manipulate the date from 01/02/04 to 01_02_04
strtext = Date
strRepl ="_"
strUnwanted ="/"
strText2 = Replace(strText, strUnwanted , strRepl)
strReplace = strText2

For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog("c:\" & strReplace & "application.evt")
If errBackupLog <> 0 Then
'I have remed out the line below. You can take the apostrophe away if you would like
' notification if it fails
'Wscript.Echo "The Application event log could not be backed up."
Else
objLogFile.ClearEventLog()
End If
Next

'!!!End Copy

mjalmassud

ASKER

mdiglio,

thanks a lot for taking the time trying to help me.

Could you please make it easier and make it work for a server named mj_server
With “SecDate” as the name of Security log file as an example that the script will save.

Thanks a lot for the help man

ASKER CERTIFIED SOLUTION

mdiglio

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

mjalmassud

ASKER

I love you mdiglio.

thank you so much man

mdiglio

no problem, glad you got it working.