PeopleSoft Adoption Made Smooth & Simple!
On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool. Claim Your Free WalkMe Account Now
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Windows XP Event Log export/copy
Posted on 2006-11-20
I'm looking for a way to generate an export or copy of windows XP event log data via a batch file. Copying seems to corrupt the file (presumably because it is an open file), and I will not be present at the PC to export manually.
any ideas would be appreciated.
any ideas would be appreciated.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
2
2- +2
14 Comments
There's several scripting methods located here: http://www.microsoft.com/technet/scriptcenter/resources/qanda/events.mspx
I know of no way with batch scripting...
I know of no way with batch scripting...
Are you just trying to archive the logs for occasional access? If that is the goal, one easy solution would be to use backup software on a schedule. Even the built-in ntbackup tool should do the job; it uses volume shadow copy to get around the open file problem. To view the files, you would have to restore them as a second step, although I image that could also be automated and scheduled.
Active 1 day ago
Yes I played arouynd with this oneday wondering how I could save them too, I found an easy that works too.
open one of the errors
control panel administrative tools event errors>applications
by double clicking an error to open the panel then look over to the right see the little white icon below teh down arrow click on that that copies it. then paste it into here or word etc.
In the Action button export list.
Here is proof it works by left clicking that littler white icon.
Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 21/11/2006
Time: 7:23:33 AM
User: N/A
Computer: USER
Description:
The Windows Security Center Service has started.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
open one of the errors
control panel administrative tools event errors>applications
by double clicking an error to open the panel then look over to the right see the little white icon below teh down arrow click on that that copies it. then paste it into here or word etc.
In the Action button export list.
Here is proof it works by left clicking that littler white icon.
Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 21/11/2006
Time: 7:23:33 AM
User: N/A
Computer: USER
Description:
The Windows Security Center Service has started.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
You can create the following vb script and add it to the task scheduler. It will export than truncate all of your logs. You may need to change the folder location d:\EventLogs to where ever you wish to store the logs.
--------------------------
dtmThisDay = Day(Date)
dtmThisMonth = Month(Date)
dtmThisYear = Year(Date)
strBackupName = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=imper
& strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile")
For Each objLogfile in colLogFiles
If objLogFile.FileSize <> 100000 Then
strBackupLog = objLogFile.BackupEventLog _
("D:\Eventlogs\" & strBackupName & objLogFile.LogFileName & ".evt")
objLogFile.ClearEventLog()
End If
Next
--------------------------
-hughtwg
--------------------------
dtmThisDay = Day(Date)
dtmThisMonth = Month(Date)
dtmThisYear = Year(Date)
strBackupName = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=imper
& strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile")
For Each objLogfile in colLogFiles
If objLogFile.FileSize <> 100000 Then
strBackupLog = objLogFile.BackupEventLog _
("D:\Eventlogs\" & strBackupName & objLogFile.LogFileName & ".evt")
objLogFile.ClearEventLog()
End If
Next
--------------------------
-hughtwg
this isn't even my thread, but that script was really educational for me. thanks hughtwg! The script worked first time with no modification on my system (other than creating the D:\eventlogs folder)
as I was learning how your script worked, I came across this reference that helped me understand it. http://www.microsoft.com/technet/scriptcenter/guide/sas_log_pcna.mspx?mfr=true
there is a good explanation in there of why you can't just copy an event log; you have to use the "Event Log Backup API"
as I was learning how your script worked, I came across this reference that helped me understand it. http://www.microsoft.com/technet/scriptcenter/guide/sas_log_pcna.mspx?mfr=true
there is a good explanation in there of why you can't just copy an event log; you have to use the "Event Log Backup API"
hughtwg certainly has (imo) the best automated solution, though there were other likely solutions as well, depending on what the author was trying to accomplish. The link I posted has scripts that will only pull out a certain date range or specified error/warning type...
Featured Post
![[Webinar] Learn How Hackers Steal Your Credentials](https://filedb.experts-exchange.com/files/public/2017/5/21/e0b7778f-e79e-4b5d-9ec6-5496e40be42e.png)
Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
In this article, you will read about the trends across the human resources departments for the upcoming year. Some of them include improving employee experience, adopting new technologies, using HR software to its full extent, and integrating artifi…
This post contains step-by-step instructions for setting up alerting in Percona Monitoring and Management (PMM) using Grafana.
- Software-Other
- Databases
- MySQL Server
- MongoDB
- NoSQL Databases
- Percona, *Monitoring tool
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month6 days, 14 hours left to enroll
623 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.