How to clear event log and archives them to a log file via CMD/VBS

Hi Experts,

I need to clear and archive Event logs under Windows 2008 Server using a script or a batch file. Maybe someone knows a VB Script what can do this and can tell me how to use it.

I want to archive the Systems logs and the Application logs.
I found scripts under http://msdn.microsoft.com/en-gb/library/bb671203%28VS.90%29.aspx but I didn't understand how to use them.

Please help me! Thanks for all given answers.  
dornmxAsked:
Who is Participating?
 
yehudahaConnect With a Mentor Commented:
save as vbs
strLog = "Application"                
strBackupFile = "C:\Application.evt" 
strComputer = "."       

set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & strComputer & "\root\cimv2")
set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile Where Logfilename = '" & strLog & "'")
if colLogs.Count <> 1 then
   WScript.Echo "Fatal error.  Number of logs found: " & colLogs.Count
   WScript.Quit
end if
for each objLog in colLogs
   objLog.BackupEventLog strBackupFile
   objLog.ClearEventLog()
   WScript.Echo strLog & " backed up to " & strBackupFile
Next

Open in new window

0
 
dornmxAuthor Commented:
Hi yehudaha,

First thanks to you for the code!

I have tried it, but it says:
Error: invalid Command for 'for'-loop
code: 800A0410
0
 
yehudahaCommented:
od didn't got this error before and the script work fine for me

can you try on another computer ?
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
dornmxAuthor Commented:
I have tested it now, but its still the same error...
I have googled the error code and found much about arrays..
0
 
dornmxAuthor Commented:
but if I do this with the code:

strLog = "Application"                
strBackupFile = "C:\Application.evtx"
strComputer = "."      

set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & strComputer & "\root\cimv2")
set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile Where Logfilename = '" & strLog & "'")
if colLogs.Count <> 1 then
   WScript.Echo "Fatal error.  Number of logs found: " & colLogs.Count
   WScript.Quit
end if
for each objLog in colLogs
   objLog.BackupEventLog strBackupFile
   objLog.ClearEventLog()
   WScript.Echo strLog & " backed up to " & strBackupFile
NextstrLog = "Application"                
strBackupFile = "C:\Application.evt"
strComputer = "."      

set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & strComputer & "\root\cimv2")
set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile Where Logfilename = '" & strLog & "'")
if colLogs.Count <> 1 then
   WScript.Echo "Fatal error.  Number of logs found: " & colLogs.Count
   WScript.Quit
end if

Next

everything is fine for me!
0
 
dornmxAuthor Commented:
Can you tell me now how to connect the Application log export and the System log export?
0
 
yehudahaCommented:
great

glad i could assist :-)
0
 
yehudahaCommented:
odd

didn't see your question

you all ready connected to the application log, for the syste, log just change this entries

strLog = "Application"    

to

strLog = "system"  
0
 
dornmxAuthor Commented:
yes now I see it! Thanks for your help!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.