VBscript help

Hi Experts:
I have this VBscript that clears out event log. However, it only clears out security event log. Could someone help me modify this script so it clears out all APP,SEC,and SYS event files?

Thanks
*******************************************************************************************************
strComputer = "."
       
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
        & strComputer & "\root\cimv2")
       
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName='Security'")
For Each objLogfile in colLogFiles
      OutputFile = "c:\" & "Security "
      OutputFile = OutputFile & Day(Now) & "-" & month(now) & "-" & year(now)
      OutputFile = OutputFile & ".evt"
    errBackupLog = objLogFile.BackupEventLog(OutputFile)
    If errBackupLog = 0 Or errBackupLog = 183 Then
          objLogFile.ClearEventLog()
    Else
        Wscript.Echo "The Security event log could not be backed up."
    End If
Next
changjiaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sirbountyCommented:
Use:
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where LogFile='Application'")

and:
Set colEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where LogFile='System'")

Try this one:
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, (Backup, Security)}!\\.\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery ("Select * from Win32_NTEventLogFile where LogFileName='Security'")
BackupLog("Security")
 
arrLogs = Array("Application","System")
Set objWMIService = GetObject("winmgmts:\\."\root\cimv2")
For Each log in arrLogs
  Set colEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent Where LogFile='" & log & "'")
  BackupLog(log)
Next
wscript.quit
 
Sub BackupLog(strLog)
  For Each objLogfile in colLogFiles
    OutputFile = "c:\" & strLog & Day(Now) & "-" & month(now) & "-" & year(now) & ".evt"
    errBackupLog = objLogFile.BackupEventLog(OutputFile)
    If errBackupLog = 0 Or errBackupLog = 183 Then
      objLogFile.ClearEventLog()
    Else
      Wscript.Echo "The Security event log could not be backed up."
    End If
  Next
End Sub

Open in new window

0
changjiaAuthor Commented:
Thanks Sirbounty!
In line 5, do I also need to put "security" in the Array?

Thanks
0
sirbountyCommented:
No, you can check the difference between the objWMIService declaration - security requires just a bit different setup, that's why it's left out...
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

changjiaAuthor Commented:
So, in order to clear all 3 logs, I will need to run your script and my script?

Thanks
0
sirbountyCommented:
No, the script that I attached should comprise all three...
0
changjiaAuthor Commented:
Hi Sirbounty:

When excuse the script, I received the following error message:

Line:6
Charactor:58
Error: Unterminated string constant
code:800A0409

Thanks
0
sirbountyCommented:
Line 6: Set objWMIService = GetObject("winmgmts:\\."\root\cimv2")
should read:

Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
0
changjiaAuthor Commented:
Thanks SirBounty, however, I got another error message:
Line:7
Charactor:1
Error: illegal assignment: 'log'
code:800A01FS
********************************************************
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, (Backup, Security)}!\\.\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery ("Select * from Win32_NTEventLogFile where LogFileName='Security'")
BackupLog("Security")
 
arrLogs = Array("Application","System")
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
For Each log in arrLogs
  Set colEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent Where LogFile='" & log & "'")
  BackupLog(log)
Next
wscript.quit
 
Sub BackupLog(strLog)
  For Each objLogfile in colLogFiles
    OutputFile = "c:\" & strLog & Day(Now) & "-" & month(now) & "-" & year(now) & ".evt"
    errBackupLog = objLogFile.BackupEventLog(OutputFile)
    If errBackupLog = 0 Or errBackupLog = 183 Then
      objLogFile.ClearEventLog()
    Else
      Wscript.Echo "The Security event log could not be backed up."
    End If
  Next
End Sub
0
sirbountyCommented:
Oops - log must be a reserved word...try changing it to strLog:
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, (Backup, Security)}!\\.\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery ("Select * from Win32_NTEventLogFile where LogFileName='Security'")
BackupLog("Security")
 
arrLogs = Array("Application","System")
Set objWMIService = GetObject("winmgmts:\\."\root\cimv2")
For Each strlog in arrLogs
  Set colEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent Where LogFile='" & strlog & "'")
  BackupLog(strlog)
Next
wscript.quit
 
Sub BackupLog(strLog)
  For Each objLogfile in colLogFiles
    OutputFile = "c:\" & strLog & Day(Now) & "-" & month(now) & "-" & year(now) & ".evt"
    errBackupLog = objLogFile.BackupEventLog(OutputFile)
    If errBackupLog = 0 Or errBackupLog = 183 Then
      objLogFile.ClearEventLog()
    Else
      Wscript.Echo "The Security event log could not be backed up."
    End If
  Next
End Sub

Open in new window

0
changjiaAuthor Commented:
Sirbounty:

I got the same error message as I got before,

Line:6
Charactor:58
Error: Unterminated string constant
code:800A0409
0
sirbountyCommented:
Arg again - try this:
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate, (Backup, Security)}!\\.\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery ("Select * from Win32_NTEventLogFile where LogFileName='Security'")
BackupLog("Security")
 
arrLogs = Array("Application","System")
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
For Each strlog in arrLogs
  Set colEvents = objWMIService.ExecQuery ("Select * from Win32_NTLogEvent Where LogFile='" & strlog & "'")
  BackupLog(strlog)
Next
wscript.quit
 
Sub BackupLog(strLog)
  For Each objLogfile in colLogFiles
    OutputFile = "c:\" & strLog & Day(Now) & "-" & month(now) & "-" & year(now) & ".evt"
    errBackupLog = objLogFile.BackupEventLog(OutputFile)
    If errBackupLog = 0 Or errBackupLog = 183 Then
      objLogFile.ClearEventLog()
    Else
      Wscript.Echo "The Security event log could not be backed up."
    End If
  Next
End Sub

Open in new window

0
changjiaAuthor Commented:
Hi Sirbounty:

I didnt get any error message this time. However, it only clears security log not application nor system log.....
0
sirbountyCommented:
Sorry about that - let's try a simpler approach...
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\.\root\cimv2")
 
arrLogs = Array("Application","System")
 
For Each strLog in arrLogs
  Set colLogs = objWMI.ExecQuery ("Select * From Win32_NTEventLogFile Where LogFileName = '" & strLog & "'")
  ClearLog
Next
 
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2")
Set colLogs = objWMI.ExecQuery ("Select * From Win32_NTEventLogFile Where LogFileName = 'Security'")
ClearLog
 
Set colLogs = Nothing
Set objWMI = Nothing
wscript.quit
 
Sub ClearLog()
  For Each objLog in colLogs
    OutputFile = "c:\" & objLog.LogFileName & Day(Now) & "-" & month(now) & "-" & year(now) & ".evt"
    errBackupLog = objLogFile.BackupEventLog(OutputFile)
    objLog.ClearEventLog()
  Next
End Sub

Open in new window

0
changjiaAuthor Commented:
Hi Master sirbounty:

Thanks so much for helping me over here.
I received error message when ran the script.

line:21
Char:5
error: Object required: objlogfile
code: 800A01A8

Thanks
0
sirbountyCommented:
Remove 'file' from that line... (line 21)

Should read:
    errBackupLog = objLog.BackupEventLog(OutputFile)
not
    errBackupLog = objLogFile.BackupEventLog(OutputFile)
0
changjiaAuthor Commented:
got another error:

line:21
Char:5
error: Access denied
code: 80041003
0
sirbountyCommented:
Using Admin account?
0
changjiaAuthor Commented:
yup.
0
changjiaAuthor Commented:
I think it has something to do with the app and sys files being used by the system...
0
sirbountyCommented:
Shouldn't - mine are wiped clean as of my last test... : \
Hmm - let me try it on another system...
0
sirbountyCommented:
Looks like it's the security log.  You should actually have valid App & System logs...
I'll see if I can figure out the cause...
0
sirbountyCommented:
This should work:
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\.\root\cimv2")
arrLogs = Array("Application","Security","System")
 
For Each strLog in arrLogs
  Set colLogs = objWMI.ExecQuery ("Select * From Win32_NTEventLogFile Where LogFileName = '" & strLog & "'")
  ClearLog
Next
 
Set colLogs = Nothing
Set objWMI = Nothing
wscript.quit 
 
Sub ClearLog()
  For Each objLog in colLogs
    OutputFile = "c:\" & objLog.LogFileName & Day(Now) & "-" & month(now) & "-" & year(now) & ".evt"
    errBackupLog = objLog.BackupEventLog(OutputFile)
    objLog.ClearEventLog()
  Next
End Sub

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
changjiaAuthor Commented:
Sirbounty:

It ran without any error and it clears all 3 logs!!
However, I notice that application log stop recording after the script. System and Sec logs are Ok.Have you expericed this problem?

Thanks

0
sirbountyCommented:
Nope - try hitting F5 or close and reopen it.  App log can be sparsely populated depending on what's going on...can't think of any reason it would quit logging...
0
changjiaAuthor Commented:
I have tried F5 and reopen it many times, still nothing in the app log. I will continue monitor it for the next couple hours.

Thanks for the help! You have been great!
0
changjiaAuthor Commented:
Hi Sirbounty:
Everything is good. Thank you very much for you help!!
0
sirbountyCommented:
Happy to help - thanx for the grade! :^)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VB Script

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.