Event Logs (Application, System, Security event logs) script for Windows Server 2008 R2

Refer below links

http://technet.microsoft.com/en-us/library/ee176696.aspx

http://blogs.msdn.com/b/jjameson/archive/2011/03/01/script-to-clear-and-save-event-logs.aspx

You can also use Sysinternals psloglist in a task.  I use it to catch my rapidly turning over Security Log events every 5 minutes:

d:
cd \locks

psloglist /accepteula \\dc1,dc2 -i 4767,4771,1625,4772,4724,4740 security -s -m 10 >testdc1.txt
psloglist /accepteula \\dc1,dc2 -i 4298 application -s -m 18 >>testdc1.txt

Set CURRDATE=CURRDATE.TMP
Set CURRTIME=CURRTIME.TMP

DATE /T > %CURRDATE%
TIME /T > %CURRTIME%

Set PARSEARG="eol=; tokens=1,2,3,4* delims=/, "
For /F %PARSEARG% %%i in (%CURRDATE%) Do SET YYYYMMDD=%%l%%k%%j

Set PARSEARG="eol=; tokens=1,2,3* delims=:, "
For /F %PARSEARG% %%i in (%CURRTIME%) Do Set HHMM=%%i%%j%%k

rem Echo RENAME %1 %1_%YYYYMMDD%%HHMM%
RENAME testdc1.txt  %YYYYMMDD%%HHMM%.txt

move d:\locks\*.txt d:\dsdata\locklogs

This works to capture the log data.  I just set the logs to overwrite old events.
- gurutc

It seems like most people don't know about this feature, but Windows will rotate the log files automatically if so-configured. Look for "AutoBackupLogFiles" in this file.

You can configure this on a server-for-server basis, but that's tedious for a large number of servers. I created an Administrative Template to set this on server computers, and then scripted a startup script to add a scheduled task to periodically pick up, ZIP, and move the log files to a retention location. It worked really well, and was cheap!

http://mx02.wellbury.com/misc/EventLogPolicy.adm

for more help take a look

http://msdn.microsoft.com/en-us/library/aa363648(VS.85).aspx

Good post, but our log files turn over so fast that we only grab the events we care about.  Psloglist will hit all our DCs from one DC.  Not saying the autobackuplogfiles isn't a good idea, but we'd use gigs of space per day at the rate our logs fill.

- gurutc

WEVTUTIL.EXE works great in a command prompt. Tried to run the 3-lines in a .bat file manually before putting them in and nothing happens? What am I doing wrong?

I'm not sure. I put the 3 lines in "test.bat" then double-clicked on it.  It worked fine for me.
Put a PAUSE statement at the end of the 3 lines so you can see what it did or didn't do.

I'm getting an "access denied" error message when running the .bat with a PAUSE statement. Trying to troubleshoot it when I have a chance unless you have suggestions.

Was able to make the suggestion from the expert work finally. I had to run the wevtutil.exe commands as an admin to make it work via a .bat file through the command line and through task scheduler. I even researched and found out how to append the current date to the wevtutil.exe command:

example:

wevtutil.exe cl application /bu:\\c:\temp\application_%Date:~4,2%-Date:~7,2%.evtx

Thanks for the assistance!