With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.
Course Of The Month
5 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Windows XP Event Log export/copy
Posted on 2006-11-20
I'm looking for a way to generate an export or copy of windows XP event log data via a batch file. Copying seems to corrupt the file (presumably because it is an open file), and I will not be present at the PC to export manually.
any ideas would be appreciated.
any ideas would be appreciated.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
2
2- +2
14 Comments
Active 4 days ago
There's several scripting methods located here: http://www.microsoft.com/technet/scriptcenter/resources/qanda/events.mspx
I know of no way with batch scripting...
I know of no way with batch scripting...
Are you just trying to archive the logs for occasional access? If that is the goal, one easy solution would be to use backup software on a schedule. Even the built-in ntbackup tool should do the job; it uses volume shadow copy to get around the open file problem. To view the files, you would have to restore them as a second step, although I image that could also be automated and scheduled.
Active 2 days ago
Yes I played arouynd with this oneday wondering how I could save them too, I found an easy that works too.
open one of the errors
control panel administrative tools event errors>applications
by double clicking an error to open the panel then look over to the right see the little white icon below teh down arrow click on that that copies it. then paste it into here or word etc.
In the Action button export list.
Here is proof it works by left clicking that littler white icon.
Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 21/11/2006
Time: 7:23:33 AM
User: N/A
Computer: USER
Description:
The Windows Security Center Service has started.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
open one of the errors
control panel administrative tools event errors>applications
by double clicking an error to open the panel then look over to the right see the little white icon below teh down arrow click on that that copies it. then paste it into here or word etc.
In the Action button export list.
Here is proof it works by left clicking that littler white icon.
Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 21/11/2006
Time: 7:23:33 AM
User: N/A
Computer: USER
Description:
The Windows Security Center Service has started.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
You can create the following vb script and add it to the task scheduler. It will export than truncate all of your logs. You may need to change the folder location d:\EventLogs to where ever you wish to store the logs.
--------------------------
dtmThisDay = Day(Date)
dtmThisMonth = Month(Date)
dtmThisYear = Year(Date)
strBackupName = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=imper
& strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile")
For Each objLogfile in colLogFiles
If objLogFile.FileSize <> 100000 Then
strBackupLog = objLogFile.BackupEventLog _
("D:\Eventlogs\" & strBackupName & objLogFile.LogFileName & ".evt")
objLogFile.ClearEventLog()
End If
Next
--------------------------
-hughtwg
--------------------------
dtmThisDay = Day(Date)
dtmThisMonth = Month(Date)
dtmThisYear = Year(Date)
strBackupName = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=imper
& strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile")
For Each objLogfile in colLogFiles
If objLogFile.FileSize <> 100000 Then
strBackupLog = objLogFile.BackupEventLog _
("D:\Eventlogs\" & strBackupName & objLogFile.LogFileName & ".evt")
objLogFile.ClearEventLog()
End If
Next
--------------------------
-hughtwg
this isn't even my thread, but that script was really educational for me. thanks hughtwg! The script worked first time with no modification on my system (other than creating the D:\eventlogs folder)
as I was learning how your script worked, I came across this reference that helped me understand it. http://www.microsoft.com/technet/scriptcenter/guide/sas_log_pcna.mspx?mfr=true
there is a good explanation in there of why you can't just copy an event log; you have to use the "Event Log Backup API"
as I was learning how your script worked, I came across this reference that helped me understand it. http://www.microsoft.com/technet/scriptcenter/guide/sas_log_pcna.mspx?mfr=true
there is a good explanation in there of why you can't just copy an event log; you have to use the "Event Log Backup API"
Active 4 days ago
hughtwg certainly has (imo) the best automated solution, though there were other likely solutions as well, depending on what the author was trying to accomplish. The link I posted has scripts that will only pull out a certain date range or specified error/warning type...
Featured Post
Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| Looking for good Imaging Software | 6 | 89 | |
| how to import all mozilla book marks to IE browser | 4 | 26 | |
| Need advice on an App idea......but who do I ask? | 2 | 69 | |
| Esxi host upgrade | 16 | 99 |
This article describes how to use the timestamp of existing data in a database to allow Tableau to calculate the prior work day instead of relying on case statements or if statements to calculate the days of the week.
This article was originally published on Monitis Blog, you can check it
here
.
If you have responsibility for software in production, I bet you’d like to know more about it. I don’t mean that you’d like an extra peek into the bowels of the sourc…
- Software-Other
- Web Applications
- Magento
- magento2
- Web Development Software
- Monitis, Networking
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Suggested Courses
Course of the Month5 days, 15 hours left to enroll
734 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.