Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat. The purpose of this eBook is to educate the reader about ransomware attacks.
Solved
Windows XP Event Log export/copy
Posted on 2006-11-20
I'm looking for a way to generate an export or copy of windows XP event log data via a batch file. Copying seems to corrupt the file (presumably because it is an open file), and I will not be present at the PC to export manually.
any ideas would be appreciated.
any ideas would be appreciated.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
2
2- +2
14 Comments
Active today
There's several scripting methods located here: http://www.microsoft.com/technet/scriptcenter/resources/qanda/events.mspx
I know of no way with batch scripting...
I know of no way with batch scripting...
Are you just trying to archive the logs for occasional access? If that is the goal, one easy solution would be to use backup software on a schedule. Even the built-in ntbackup tool should do the job; it uses volume shadow copy to get around the open file problem. To view the files, you would have to restore them as a second step, although I image that could also be automated and scheduled.
Active 1 day ago
Yes I played arouynd with this oneday wondering how I could save them too, I found an easy that works too.
open one of the errors
control panel administrative tools event errors>applications
by double clicking an error to open the panel then look over to the right see the little white icon below teh down arrow click on that that copies it. then paste it into here or word etc.
In the Action button export list.
Here is proof it works by left clicking that littler white icon.
Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 21/11/2006
Time: 7:23:33 AM
User: N/A
Computer: USER
Description:
The Windows Security Center Service has started.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
open one of the errors
control panel administrative tools event errors>applications
by double clicking an error to open the panel then look over to the right see the little white icon below teh down arrow click on that that copies it. then paste it into here or word etc.
In the Action button export list.
Here is proof it works by left clicking that littler white icon.
Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 21/11/2006
Time: 7:23:33 AM
User: N/A
Computer: USER
Description:
The Windows Security Center Service has started.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
You can create the following vb script and add it to the task scheduler. It will export than truncate all of your logs. You may need to change the folder location d:\EventLogs to where ever you wish to store the logs.
--------------------------
dtmThisDay = Day(Date)
dtmThisMonth = Month(Date)
dtmThisYear = Year(Date)
strBackupName = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=imper
& strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile")
For Each objLogfile in colLogFiles
If objLogFile.FileSize <> 100000 Then
strBackupLog = objLogFile.BackupEventLog _
("D:\Eventlogs\" & strBackupName & objLogFile.LogFileName & ".evt")
objLogFile.ClearEventLog()
End If
Next
--------------------------
-hughtwg
--------------------------
dtmThisDay = Day(Date)
dtmThisMonth = Month(Date)
dtmThisYear = Year(Date)
strBackupName = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=imper
& strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile")
For Each objLogfile in colLogFiles
If objLogFile.FileSize <> 100000 Then
strBackupLog = objLogFile.BackupEventLog _
("D:\Eventlogs\" & strBackupName & objLogFile.LogFileName & ".evt")
objLogFile.ClearEventLog()
End If
Next
--------------------------
-hughtwg
this isn't even my thread, but that script was really educational for me. thanks hughtwg! The script worked first time with no modification on my system (other than creating the D:\eventlogs folder)
as I was learning how your script worked, I came across this reference that helped me understand it. http://www.microsoft.com/technet/scriptcenter/guide/sas_log_pcna.mspx?mfr=true
there is a good explanation in there of why you can't just copy an event log; you have to use the "Event Log Backup API"
as I was learning how your script worked, I came across this reference that helped me understand it. http://www.microsoft.com/technet/scriptcenter/guide/sas_log_pcna.mspx?mfr=true
there is a good explanation in there of why you can't just copy an event log; you have to use the "Event Log Backup API"
Active today
hughtwg certainly has (imo) the best automated solution, though there were other likely solutions as well, depending on what the author was trying to accomplish. The link I posted has scripts that will only pull out a certain date range or specified error/warning type...
Featured Post
Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
This article was originally published on Monitis Blog, you can check it
here
.
If you have responsibility for software in production, I bet you’d like to know more about it. I don’t mean that you’d like an extra peek into the bowels of the sourc…
- Software-Other
- Web Applications
- Magento
- Web Development Software
- Monitis
- Networking, *magento2
Viewers will learn how to use the Hootsuite Dashboard.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month9 days, 16 hours left to enroll
722 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.