Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 13224
  • Last Modified:

VBscript error Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate, (Backup, Security)}!\\" & strComputer & "\root\cimv2")

I have written a script to backup and clear the windows event log daily. The script is as follows. So far I have encountered 2 errors. The first one is out of memory which I resolved after rebooting the server. The second error I received recently is "the RPC server is too busy to complete this operations". I have also placed this script in a number of other servers and they are running fine.

strComputer = "."
dtmThisDay = Day(Date)
dtmThisMonth = Month(Date)
dtmThisYear = Year(Date)
strDirPath = "c:\audit\"

strDate = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay
strCSV = strDirPath & "csv\" & strDate & "_Security.csv"
strEVT = strDirPath & "logs\" & strDate
strEVTSecurity = strDirPath & "logs\" & strDate & "_Security.evt"

'The error always return from this line. It seems like there is a memory issue here
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate, (Backup, Security)}!\\" & strComputer & "\root\cimv2")

Set colLogFiles = objWMIService.ExecQuery ("Select * from Win32_NTEventLogFile")

'Backup log in log directory folder and clear all logs in win32
For Each objLogfile in colLogFiles
     objLogFile.BackupEventLog(strEVT & "_" & objLogFile.LogFileName & ".evt")
         objLogFile.ClearEventLog()
Next

' Running the LogParser to process evt to csv
' EventID = 680 is for local
' EventID = 673 is for domain
strParm = "LogParser -i:EVT -o:CSV ""SELECT TO_DATE(TimeGenerated), TO_TIME(TimeGenerated), EventTypeName, EventCategoryName, EXTRACT_TOKEN(Strings, 0, '|'), EXTRACT_TOKEN(Strings, -1, '|'), ComputerName INTO "
strFullParm = strParm & strCSV & " FROM " & strEVTSecurity & " WHERE EventID = 673"
Set WshShell = WScript.CreateObject("WScript.Shell")
x=WshShell.Run(strFullParm)
0
dc-ops
Asked:
dc-ops
1 Solution
 
mackengaCommented:
The RPC service on Windows is notoriously unreliable.  Generally if it fails, it's worth trying again; if not, unfortunately on Windows you're relatively stuck.  You could maybe try any hotfixes etc and make sure your server is up to date (I don't know of a specific one that is known to fix this sort of problem).  Other than that, I'll pass this over to the room...
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now