[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Event log backup using C# and WMI

Posted on 2009-12-21
5
Medium Priority
?
1,713 Views
Last Modified: 2013-12-17
I need to maintain a years worth of eventlogs on over 200 systems. Because of several environmental factors I've decied to add some functionallity to the monitor service we already have running on all the systems.

During my development, I am getting an "Access Denied" error with the attached code. I'm sure it's because I'm not assing credentials, but I can't find any examples of it in C#. Can anyone assist? I think I can convert from VB.net if anyone has an example of that?

Sorry, the error is coming from the InvokeMethod.
ConnectionOptions oConn = new ConnectionOptions();
            ManagementScope oMs = new ManagementScope(@"\\localhost", oConn);

            ObjectQuery oQry = new ObjectQuery("select * from Win32_NTEventLogFile");

            ManagementObjectSearcher oSearcher = new ManagementObjectSearcher(oMs, oQry);

            ManagementObjectCollection oRtnColl = oSearcher.Get();

            foreach (ManagementObject oRtn in oRtnColl)
            {
                Console.Write("Name: " + oRtn["Name"].ToString() + "\t");
                Console.WriteLine("FileName: " + oRtn["LogfileName"].ToString());
                
                Object[] file = {@"C:\Test" + oRtn["Name"].ToString()};
                               
                oRtn.InvokeMethod("BackupEventlog", file);
                //Console.WriteLine("FreeSpace: " + oRtn["FreeSpace"].ToString());
                //Console.WriteLine("Size: " + oRtn["Size"].ToString());

            }

Open in new window

0
Comment
Question by:dgerler
  • 3
  • 2
5 Comments
 

Author Comment

by:dgerler
ID: 26099381
If someone has a better method of creating the backups of the eventlogs on the local machine, that would be appreciated as well.
0
 
LVL 10

Accepted Solution

by:
anv earned 1500 total points
ID: 26102487
0
 
LVL 10

Assisted Solution

by:anv
anv earned 1500 total points
ID: 26102489
0
 

Author Closing Comment

by:dgerler
ID: 31668549
I gave a 'B' because it wasn't using C# or WMI, but since I opened the field for a "better method" I still want to award the points.
0
 

Author Comment

by:dgerler
ID: 26325463
I actually solved this using C# and WMI, but since I opened the field to a "Better Method" the experts desrve the points for providing a solution.

My is shown in the code below....

The key to my problem was the impersonation.
       static void Main(string[] args)
        {
            try
            {
                ConnectionOptions oConn = new ConnectionOptions();

                oConn.Impersonation = ImpersonationLevel.Impersonate;
                oConn.EnablePrivileges = true;
                oConn.Authentication = AuthenticationLevel.Default;

                ManagementScope oMs = new ManagementScope(@"\\localhost\root\cimv2", oConn);

                oMs.Connect();

                ObjectQuery oQry = new ObjectQuery("select * from Win32_NTEventLogFile");

                ManagementObjectSearcher oSearcher = new ManagementObjectSearcher(oMs, oQry);

                ManagementObjectCollection oRtnColl = oSearcher.Get();

                //Console.WriteLine(WindowsIdentity.GetCurrent().Name);

                ManagementPath path = new ManagementPath("Win32_NTEventLogFile");
                ManagementClass logClass = new ManagementClass(oMs, path, null);

                ManagementBaseObject inParams = logClass.GetMethodParameters("BackupEventlog");

                foreach (ManagementObject oRtn in oRtnColl)
                {
                    Console.Write("Name: " + oRtn["Name"].ToString() + "\t");
                    Console.WriteLine("FileName: " + oRtn["LogfileName"].ToString());

                    string logDir = @"C:\log\EventLogs\";
                    DirectoryInfo di = new DirectoryInfo(logDir);
                    if (!di.Exists)
                    {
                        di.Create();
                    }
                    FileInfo fi = new FileInfo(logDir + oRtn["LogFileName"].ToString() + DateTime.Now.ToString("yyyyMMdd") + ".evt");

                    inParams["ArchiveFileName"] = fi.FullName;

                    oRtn.InvokeMethod("BackupEventlog", inParams, null);
                    oRtn.InvokeMethod("ClearEventlog", null);
                }
            }
            catch(Exception ex)
            {

            }
            Console.ReadLine();

Open in new window

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In real business world data are crucial and sometimes data are shared among different information systems. Hence, an agreeable file transfer protocol need to be established.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses
Course of the Month20 days, 7 hours left to enroll

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question