Solved

how to save a copy of Event Logs then clear it??

Posted on 2004-10-10
5
317 Views
Last Modified: 2010-04-19
hi guys,

I am looking for a script that would save a copy of the event logs using the currne date as the name such as Seclog091004 and save it in a specific location if possible.

I am running Windows Server 2003.

where can I find it?

thanks guys
0
Comment
Question by:mjalmassud
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:mdiglio
ID: 12272344
Hello,
Here is a script from ms technet

'!!!Begin Copy
'replace the "." below if this script will run on a remote machine with the name of the server
'Also change the word Application (7 and 17 lines below to match the event log)

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Backup)}!\\" & _
        strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName='Application'")

'manipulate the date from 01/02/04 to 01_02_04
strtext = Date
strRepl ="_"
strUnwanted ="/"
strText2 = Replace(strText, strUnwanted ,  strRepl)
strReplace = strText2

For Each objLogfile in colLogFiles
    errBackupLog = objLogFile.BackupEventLog("c:\" & strReplace & "application.evt")
    If errBackupLog <> 0 Then
'I have remed out the line below. You can take the apostrophe away if you would like
' notification if it fails      
        'Wscript.Echo "The Application event log could not be backed up."
    Else
        objLogFile.ClearEventLog()
    End If
Next

'!!!End Copy
0
 
LVL 1

Author Comment

by:mjalmassud
ID: 12272690
mdiglio,

thanks a lot for taking the time trying to help me.

Could you please make it easier and make it work for a server named mj_server
With “SecDate” as the name of Security log file as an example that the script will save.

Thanks a lot for the help man

0
 
LVL 16

Accepted Solution

by:
mdiglio earned 500 total points
ID: 12273722
This will create a file named Sec(%date%).evt on the root of your C drive
copy the text below into a notepad file and save it with a .vbs extension

Also, before you test this script out please backup your event log manually

'!!!Begin Copy
strComputer = "mj_server"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
        & strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName ='Security'")
'manipulate the date from 01/02/04 to 01_02_04
strtext = Date
strRepl ="_"
strUnwanted ="/"
strText2 = Replace(strText, strUnwanted ,  strRepl)
strFile = "C:\Sec" & strText2 & ".evt"

For Each objLogFile In colLogFiles
       strBackupLog = objLogFile.BackupEventLog _
           (strFile)
       objLogFile.ClearEventLog()
Next
'!!!End Copy
0
 
LVL 1

Author Comment

by:mjalmassud
ID: 12273746
I love you mdiglio.

thank you so much man
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 12276099
no problem, glad you got it working.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Ms Filer Server Migration toolkit issues 2 111
Event ID: 1202 / Source: SceCli 6 151
Trasfering FSMO roles 8 112
Computer software inventory 5 128
Learn about cloud computing and its benefits for small business owners.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question