changjia
asked on
powershell script to save the event log and clear it
Hi Guys,
I have a text file that contains a list of computer names.
I need a script to read the content of the text file and get the event logs from each computer on the list, if the event size is bigger than 20MB, save it and clear it.
Can someone help with this?
Thanks in advance.
I have a text file that contains a list of computer names.
I need a script to read the content of the text file and get the event logs from each computer on the list, if the event size is bigger than 20MB, save it and clear it.
Can someone help with this?
Thanks in advance.
ASKER
Thanks Chirs.
I have a text file that has a list of computer names. How to read each computer name and do the above script on each computer?
Thanks
I have a text file that has a list of computer names. How to read each computer name and do the above script on each computer?
Thanks
Sorry, I had meant to include that part. Modified here.
You are quite likely to find that the path is saves to is local to the system you're running against. I'd be surprised if it were anything else.
Chris
Get-Content "SomeFile.txt" | %{
# Get Event Logs files over 20Mb
Get-WMIObject Win32_NTEventLogFile -Computer $_ `
-Filter "FileSize>20971520" | %{
# Save it
$_.BackupEventLog("C:\SomePath\$($_.LogFileName).evt")
# Clear it
$_.ClearEventLog()
}
}
ASKER
Awesome! Is there a way to add computername and date to name of the saved event log?
Thanks
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That will do it! I am doing the test now and will let you know the result.
Thanks for your help and you 100% deserver the 500 points.
Thanks for your help and you 100% deserver the 500 points.
ASKER
I am getting this error when excute this script:
Exception calling "BackupEventlog" : "Access denied
Please advise.
Thanks
Exception calling "BackupEventlog" : "Access denied
Please advise.
Thanks
Either you don't have permission to perform the operation (at all) or you can't write to the specified path. Does the path exist? Remember it's almost certainly going to be using a path relative to the client (rather than relative to where you run the script).
Chris
ASKER
I figured it out, I added this to the middle of the script,
%{$_.PSBase.Scope.Options.
Then it works beautifully!
Thanks for your help!
%{$_.PSBase.Scope.Options.
Then it works beautifully!
Thanks for your help!
ASKER
So this is the script running now, beatiful.
$Date = Get-Date -Format ddMMyyyy
Get-Content "SomeFile.txt" | %{
$Computer = $_
# Get Event Logs files over 20Mb
Get-WMIObject Win32_NTEventLogFile -Computername $Computer `
-Filter "FileSize>20971520" | %{$_.PSBase.Scope.Options.
# Save it
$_.BackupEventLog("C:\Some
# Clear it
$_.ClearEventLog()
}
}
$Date = Get-Date -Format ddMMyyyy
Get-Content "SomeFile.txt" | %{
$Computer = $_
# Get Event Logs files over 20Mb
Get-WMIObject Win32_NTEventLogFile -Computername $Computer `
-Filter "FileSize>20971520" | %{$_.PSBase.Scope.Options.
# Save it
$_.BackupEventLog("C:\Some
# Clear it
$_.ClearEventLog()
}
}
Excellent :) I forgot about user account control :)
Chris
Question,
I need something like this, but I can't seem to run it. I created a folder and a txt file with the computer names, and a vbs file with changjia script. I run the script and i get an error: Invalid Character Line 1 char 1. Can you help me please. What am i doing wrong.
thanks in advance
I need something like this, but I can't seem to run it. I created a folder and a txt file with the computer names, and a vbs file with changjia script. I run the script and i get an error: Invalid Character Line 1 char 1. Can you help me please. What am i doing wrong.
thanks in advance
Hopefully nice and easy :) Naturally it requires testing.
HTH
Chris
Open in new window