Windows XP Event Log export/copy

I'm looking for a way to generate an export or copy of windows XP event log data via a batch file.  Copying seems to corrupt the file (presumably because it is an open file), and I will not be present at the PC to export manually.

any ideas would be appreciated.
dbeckwittAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
hughtwgConnect With a Mentor Commented:
You can create the following vb script and add it to the task scheduler. It will export than truncate all of your logs. You may need to change the folder location d:\EventLogs to where ever you wish to store the logs.

------------------------------------------

dtmThisDay = Day(Date)
dtmThisMonth = Month(Date)
dtmThisYear = Year(Date)
strBackupName = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
        & strComputer & "\root\cimv2")

Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile")

For Each objLogfile in colLogFiles
    If objLogFile.FileSize <> 100000 Then
       strBackupLog = objLogFile.BackupEventLog _
           ("D:\Eventlogs\" & strBackupName & objLogFile.LogFileName & ".evt")
       objLogFile.ClearEventLog()
    End If
Next

------------------------------------

-hughtwg

0
 
sirbountyCommented:
There's several scripting methods located here: http://www.microsoft.com/technet/scriptcenter/resources/qanda/events.mspx
I know of no way with batch scripting...
0
 
yessirnosirCommented:
Are you just trying to archive the logs for occasional access?  If that is the goal, one easy solution would be to use backup software on a schedule.  Even the built-in ntbackup tool should do the job; it uses volume shadow copy to get around the open file problem.   To view the files, you would have to restore them as a second step, although I image that could also be automated and scheduled.  
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
MereteCommented:
Yes I  played arouynd with this oneday wondering how I could save them too, I found an easy that works too.
open one of the errors
control panel administrative tools event errors>applications
 by double clicking an error to open the panel then look over to the right see the little white icon below teh down arrow click on that that copies it. then paste it into here or word etc.
In the Action button export list.

Here is proof it works by left clicking that littler white icon.

Event Type:      Information
Event Source:      SecurityCenter
Event Category:      None
Event ID:      1800
Date:            21/11/2006
Time:            7:23:33 AM
User:            N/A
Computer:      USER
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0
 
MereteCommented:
or r/click applications in the left coloumn and save  logfile as  or export list
0
 
yessirnosirCommented:
hughtwg rocks!
0
 
yessirnosirCommented:
this isn't even my thread, but that script was really educational for me.  thanks hughtwg!  The script worked first time with no modification on my system (other than creating the D:\eventlogs folder)

as I was learning how your script worked, I came across this reference that helped me understand it.  http://www.microsoft.com/technet/scriptcenter/guide/sas_log_pcna.mspx?mfr=true
there is a good explanation in there of why you can't just copy an event log; you have to use the "Event Log Backup API"
0
 
hughtwgCommented:
Glad I could help. Hopefully dbeckwitt will find it useful also. ;)

-Hugh
0
 
sirbountyCommented:
hughtwg certainly has (imo) the best automated solution, though there were other likely solutions as well, depending on what the author was trying to accomplish.  The link I posted has scripts that will only pull out a certain date range or specified error/warning type...
0
 
yessirnosirCommented:
I'd say all points to hughtwg...
0
 
Jeff PerkinsOwnerCommented:
If everyone was as easy to get along with and as helpful as you guys, cleanup would be a breeze, if not completely unnecessary. Thanks for the help guys, as per your recommendations I'm going to recommend hughtwg
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.