Solved

how to save a copy of Event Logs then clear it??

Posted on 2004-10-10
5
312 Views
Last Modified: 2010-04-19
hi guys,

I am looking for a script that would save a copy of the event logs using the currne date as the name such as Seclog091004 and save it in a specific location if possible.

I am running Windows Server 2003.

where can I find it?

thanks guys
0
Comment
Question by:mjalmassud
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:mdiglio
ID: 12272344
Hello,
Here is a script from ms technet

'!!!Begin Copy
'replace the "." below if this script will run on a remote machine with the name of the server
'Also change the word Application (7 and 17 lines below to match the event log)

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Backup)}!\\" & _
        strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName='Application'")

'manipulate the date from 01/02/04 to 01_02_04
strtext = Date
strRepl ="_"
strUnwanted ="/"
strText2 = Replace(strText, strUnwanted ,  strRepl)
strReplace = strText2

For Each objLogfile in colLogFiles
    errBackupLog = objLogFile.BackupEventLog("c:\" & strReplace & "application.evt")
    If errBackupLog <> 0 Then
'I have remed out the line below. You can take the apostrophe away if you would like
' notification if it fails      
        'Wscript.Echo "The Application event log could not be backed up."
    Else
        objLogFile.ClearEventLog()
    End If
Next

'!!!End Copy
0
 
LVL 1

Author Comment

by:mjalmassud
ID: 12272690
mdiglio,

thanks a lot for taking the time trying to help me.

Could you please make it easier and make it work for a server named mj_server
With “SecDate” as the name of Security log file as an example that the script will save.

Thanks a lot for the help man

0
 
LVL 16

Accepted Solution

by:
mdiglio earned 500 total points
ID: 12273722
This will create a file named Sec(%date%).evt on the root of your C drive
copy the text below into a notepad file and save it with a .vbs extension

Also, before you test this script out please backup your event log manually

'!!!Begin Copy
strComputer = "mj_server"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
        & strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName ='Security'")
'manipulate the date from 01/02/04 to 01_02_04
strtext = Date
strRepl ="_"
strUnwanted ="/"
strText2 = Replace(strText, strUnwanted ,  strRepl)
strFile = "C:\Sec" & strText2 & ".evt"

For Each objLogFile In colLogFiles
       strBackupLog = objLogFile.BackupEventLog _
           (strFile)
       objLogFile.ClearEventLog()
Next
'!!!End Copy
0
 
LVL 1

Author Comment

by:mjalmassud
ID: 12273746
I love you mdiglio.

thank you so much man
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 12276099
no problem, glad you got it working.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This video discusses moving either the default database or any database to a new volume.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now