How to clear event logs and archive them to a log file via CMD/VBS

Hi Experts,

I need to clear and archive Event logs under Windows 2008 Server using a script or a batch file. Maybe someone knows a VB Script that can do this and can tell me how to use it.

I want to archive the Systems logs and the Application logs.
I found scripts under http://msdn.microsoft.com/en-gb/library/bb671203%28VS.90%29.aspx but I didn't understand how to use them.

Please help me! Thanks for all given answers.  
dornmxAsked:

yehudahaCommented:
save as vbs
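' Log to archive, target file, and computer ("." = local machine)
strLog = "Application"
strBackupFile = "C:\Application.evt"
strComputer = "."

' Connect to WMI with the Backup privilege that BackupEventLog needs
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & strComputer & "\root\cimv2")
Set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile Where Logfilename = '" & strLog & "'")
If colLogs.Count <> 1 Then
   WScript.Echo "Fatal error.  Number of logs found: " & colLogs.Count
   WScript.Quit
End If
For Each objLog In colLogs
   ' BackupEventLog returns 0 on success; clear the log only after a good backup
   errBackup = objLog.BackupEventLog(strBackupFile)
   If errBackup <> 0 Then
      WScript.Echo strLog & " could not be backed up (error " & errBackup & "); log not cleared"
   Else
      objLog.ClearEventLog()
      WScript.Echo strLog & " backed up to " & strBackupFile
   End If
Next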

0
dornmxAuthor Commented:
Hi yehudaha,

First thanks to you for the code!

I have tried it, but it says:
Error: invalid Command for 'for'-loop
code: 800A0410
0
yehudahaCommented:
Odd, I didn't get this error before and the script works fine for me.

Can you try on another computer?
0
dornmxAuthor Commented:
I have tested it now, but it's still the same error...
I have googled the error code and found much about arrays...
0
dornmxAuthor Commented:
but if I do this with the code:

strLog = "Application"                
strBackupFile = "C:\Application.evtx"
strComputer = "."      

set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & strComputer & "\root\cimv2")
set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile Where Logfilename = '" & strLog & "'")
if colLogs.Count <> 1 then
   WScript.Echo "Fatal error.  Number of logs found: " & colLogs.Count
   WScript.Quit
end if
for each objLog in colLogs
   objLog.BackupEventLog strBackupFile
   objLog.ClearEventLog()
   WScript.Echo strLog & " backed up to " & strBackupFile
Next

everything is fine for me!
0
dornmxAuthor Commented:
Can you tell me now how to connect the Application log export and the System log export?
0
yehudahaCommented:
Great

Glad I could assist :-)
0
yehudahaCommented:
Odd

Didn't see your question

You are already connected to the Application log; for the System log, just change this entry

strLog = "Application"    

to

strLog = "system"  
0
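One way to handle both logs in a single script, as an added example that is not code from this thread: it loops over Application and System, writes a timestamped archive for each, and clears a log only when BackupEventLog returns 0. The folder C:\EventArchive and the file naming scheme are assumptions.

```vbscript
' Added example: archive, then clear, the Application and System logs in one run.
' Assumption (not from the thread): the archive folder below already exists.
Option Explicit

Const ARCHIVE_DIR = "C:\EventArchive"   ' hypothetical folder
Dim arrLogs, strComputer, strStamp, objWMI, strLog, colLogs, objLog
Dim strBackupFile, intResult, intFailures

arrLogs = Array("Application", "System")
strComputer = "."
intFailures = 0

' Timestamp in the file name: BackupEventLog fails if the target file already exists.
strStamp = Year(Now) & Right("0" & Month(Now), 2) & Right("0" & Day(Now), 2) & "-" & _
           Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2) & Right("0" & Second(Now), 2)

' The (Backup) privilege is required for BackupEventLog.
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & _
                       strComputer & "\root\cimv2")

For Each strLog In arrLogs
    Set colLogs = objWMI.ExecQuery( _
        "Select * from Win32_NTEventlogFile Where LogfileName = '" & strLog & "'")
    If colLogs.Count <> 1 Then
        WScript.Echo strLog & ": expected 1 log, found " & colLogs.Count & "; skipped"
        intFailures = intFailures + 1
    Else
        For Each objLog In colLogs
            strBackupFile = ARCHIVE_DIR & "\" & strLog & "-" & strStamp & ".evtx"
            intResult = objLog.BackupEventLog(strBackupFile)
            If intResult = 0 Then
                ' Clear only after the archive was written successfully.
                objLog.ClearEventLog
                WScript.Echo strLog & " backed up to " & strBackupFile & " and cleared"
            Else
                WScript.Echo strLog & ": backup failed (" & intResult & "); log NOT cleared"
                intFailures = intFailures + 1
            End If
        Next
    End If
Next

' Non-zero exit code lets a scheduled task or batch file detect a failed run.
If intFailures > 0 Then WScript.Quit 1
```

Run it with cscript from an elevated prompt. Each clear is itself recorded as event ID 104 in the System log, which together with the archive files gives an audit trail of the rotation.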
dornmxAuthor Commented:
yes now I see it! Thanks for your help!
0