raphabar
asked on
Script to copy event logs
Hello everyone,
Sorry if this question was posted before, but I did a search and it did not give me the details I needed.
I have an environment of 4 servers (2 Server 2008 and 2 Server 2003) on which I would like to run some kind of script to copy the event logs (Application, System, and Security) to a remote location, into a directory that has the date in its name.
I do have domain admin rights on the boxes.
Can someone please provide some help in this area?
Thank you for your time!
ASKER
Thank you for your prompt reply. Sorry for the simple question, but I am not a scripting guy; can you tell me which variables I will need to change in this script so I can test it in my environment?
Thanks!
What machine are you going to run it on?
ASKER
I am going to run it on a local machine that has access to the 4 different servers (all part of the domain).
What is the OS of the machine?
I will work up the changes to the script.
Do you have a way to send email via batch?
You can download the 7Zip command line program; it is free.
The event log backup process depends on the OS running.
ASKER
The OS of the machine is Win 7. The servers are all Server 2008.
I really do not want to install any applications (like 7 zip).
If it is possible, I just want the script to copy and move the logs.
Thank you!
OK, on Windows 7 you have wevtutil, which will do what you need.
This is a simple batch file that you can modify to your environment:
@echo off
rem Build a date/time stamp like Thu-01-27-2011-10-30 from DATE /T and TIME /T
for /f "Tokens=1-4 Delims=/ " %%i in ('date /t') do set dt=%%i-%%j-%%k-%%l
for /f "Tokens=1-4 Delims=/ " %%i in ('date /t') do set dtd=%%j%%k%%l
for /f "Tokens=1" %%i in ('time /t') do set tm=-%%i
set tm=%tm::=-%
set dtt=%dt%%tm%
rem Export each log from the remote server (/r) into a stamped .evtx file
wevtutil epl application "c:\eventlogs\serverapplication-%dtt%.evtx" /r:servername
wevtutil epl system "c:\eventlogs\serversystem-%dtt%.evtx" /r:servername
wevtutil epl security "c:\eventlogs\serversecurity-%dtt%.evtx" /r:servername
rem Move the exports to the archive location
move "c:\eventlogs\serverapplication-%dtt%.evtx" x:\eventlogs
move "c:\eventlogs\serversystem-%dtt%.evtx" x:\eventlogs
move "c:\eventlogs\serversecurity-%dtt%.evtx" x:\eventlogs
exit
When you connect to the remote server you may need to use the /u parameter.
You can see all the explanations of wevtutil by going to a command prompt, typing wevtutil and hitting Enter,
then wevtutil COMMAND /? for more information.
Plug in your server name so that you can separate the names in the listing more easily.
Need any more help, let me know.
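As an added example (not from the thread), a PowerShell version of the same job for a Win 7 admin workstation: it exports the three logs from each server with wevtutil into a date-stamped folder on a share, adds the locale metadata so the .evtx files open cleanly in Event Viewer on another machine, and records a SHA-256 hash of each export so later tampering with the archive can be spotted. Server names and paths are placeholders; it assumes wevtutil /r writes the export on the remote server's own disk (hence the copy back over the C$ admin share) and that the caller has admin rights on each server.

```powershell
# Added example, not from the thread. Placeholders: $Servers, $Destination, $Staging.
# Assumes wevtutil /r creates the export on the remote host, so it is fetched via \\server\C$.
param(
    [string[]]$Servers     = @('SERVER1', 'SERVER2'),      # placeholder server names
    [string]  $Destination = '\\fileserver\eventlogs',     # placeholder archive share
    [string]  $Staging     = 'C:\eventlogs'                # staging folder on each server
)
$ErrorActionPreference = 'Stop'
$stamp  = Get-Date -Format 'yyyy-MM-dd_HHmm'                # sortable, no slashes or colons
$target = Join-Path $Destination $stamp                     # one dated folder per run
New-Item -ItemType Directory -Path $target -Force | Out-Null
$manifest = Join-Path $target 'manifest.txt'
$sha = [System.Security.Cryptography.SHA256]::Create()

foreach ($srv in $Servers) {
    foreach ($log in 'Application', 'System', 'Security') {
        $file   = "$srv-$log-$stamp.evtx"
        $remote = Join-Path $Staging $file                  # path as seen on the server
        # Export on the remote Event Log service; /ow:true overwrites a stale file of the same name
        & wevtutil epl $log $remote "/r:$srv" /ow:true
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "$srv/$log export failed (exit $LASTEXITCODE)"
            continue
        }
        # Pull the export back over the admin share, then clean up the staging copy
        $unc = "\\$srv\$($Staging.Replace(':', '$'))\$file"
        Copy-Item $unc $target
        Remove-Item $unc
        $local = Join-Path $target $file
        # Archive the log so event descriptions render on machines lacking the source providers
        & wevtutil al $local /l:en-US
        # Record a SHA-256 so the archived export can be checked for tampering later
        $fs = [System.IO.File]::OpenRead($local)
        try   { $hash = [BitConverter]::ToString($sha.ComputeHash($fs)).Replace('-', '') }
        finally { $fs.Close() }
        "$hash  $file" | Out-File -Append -Encoding ascii $manifest
    }
}
```

Run it from an elevated PowerShell prompt as a domain account that can read the Security log on each server; keep the manifest somewhere the servers themselves cannot write to, or its hashes prove nothing.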
ASKER
Hello trgrassijr55,
Thank you for the help. Sorry, but I am not familiar with scripting, so I was unable to get the script to work fully. I ran the script above on a local Win 7 machine to see what it would do, and below are the changes that I made:
@echo off
rem Build a date/time stamp from DATE /T and TIME /T
for /f "Tokens=1-4 Delims=/ " %%i in ('date /t') do set dt=%%i-%%j-%%k-%%l
for /f "Tokens=1-4 Delims=/ " %%i in ('date /t') do set dtd=%%j%%k%%l
for /f "Tokens=1" %%i in ('time /t') do set tm=-%%i
set tm=%tm::=-%
set dtt=%dt%%tm%
rem Export each log from server RDProject into a stamped .evtx file
wevtutil epl application "c:\eventlogs\serverapplication-%dtt%.evtx" /r:RDProject
wevtutil epl system "c:\eventlogs\serversystem-%dtt%.evtx" /r:RDProject
wevtutil epl security "c:\eventlogs\serversecurity-%dtt%.evtx" /r:RDProject
rem Move the exports to the E: archive folder
move "c:\eventlogs\serverapplication-%dtt%.evtx" E:\EVENTLOGS
move "c:\eventlogs\serversystem-%dtt%.evtx" E:\EVENTLOGS
move "c:\eventlogs\serversecurity-%dtt%.evtx" E:\EVENTLOGS
exit
RDProject is just a made-up name for a server. The first part of the script worked, where it copied the files, but I am not sure how to open these files to view them. Please see the attached image.
The move part didn't work for me; I'm not sure why.
Any help is much appreciated.
Thank you
Image.JPG
ASKER
Update:
Sorry, never mind about the file extensions; I was able to add .evt at the end to allow Event Viewer to open the files.
Thanks!
ASKER CERTIFIED SOLUTION
@echo off
for /f "Tokens=1-4 Delims=/ " %%i in ('date /t') do set dt=%%i-%%j-%%k-%%l
for /f "Tokens=1-4 Delims=/ " %%i in ('date /t') do set dtd=%%j%%k%%l
for /f "Tokens=1" %%i in ('time /t') do set tm=-%%i
set tm=%tm::=-%
set dtt=%dt%%tm%
del c:\util\selogbu.txt
"C:\Program Files\Event Log Explorer\elback.exe" "C:\Documents and Settings\Administrator.OUR
C:\Util\7zip\7za a -y "e:\event log backups\servers\SERV005-%d
C:\Util\7zip\7za a -y "e:\event log backups\servers\SERV010-%d
C:\Util\7zip\7za a -y "e:\event log backups\servers\SERV011-%d
C:\Util\7zip\7za a -y "e:\event log backups\servers\SERV012-%d
C:\Util\7zip\7za a -y "e:\event log backups\servers\SERV013-%d
del "e:\event log backups\servers\*.evt" >selogbu.txt
dir "e:\event log backups\servers\*.*" >>selogbu.txt
c:\util\febooti\febootimai
exit
This uses three utilities:
1. ELBACK from Event Log Viewer
2. 7ZIP command line (free)
3. Febooti batch SMTP email
I run this once a week and then it emails me a report; the files are zipped up to conserve disk space.
There are other utilities you can use, but this script can be modified to use your utils.