How to separate backup path logs

Posted on 2014-03-06
Last Modified: 2014-03-07
This utility, built in as a command line tool for Server 2008, works perfectly, besides the fact that the output is placed in one folder and not separated, i.e. folders called application, security, system. Is there a variable that I can place in this command to send each backup to a specified folder?

For example, I would like this >>>> wevtutil epl Security %BACKUP_PATH%\security_%timestamp%.evtx to go to D:\Logs\Security etc.

rem Script start here
rem Timestamp Generator

set BACKUP_PATH=D:\logs\

rem Parse the date (e.g., Thu 02/28/2013)
set cur_yyyy=%date:~10,4%
set cur_mm=%date:~4,2%
set cur_dd=%date:~7,2%

rem Parse the time (e.g., 11:20:56.39)
set cur_hh=%time:~0,2%
if %cur_hh% lss 10 (set cur_hh=0%time:~1,1%)
set cur_nn=%time:~3,2%


rem Set the timestamp format
rem (the original line had a stray trailing %, which left a literal % in the file name)
set timestamp=%cur_yyyy%%cur_mm%%cur_dd%-%cur_hh%%cur_nn%

wevtutil epl System %BACKUP_PATH%\system_%timestamp%.evtx
wevtutil epl Application %BACKUP_PATH%\application_%timestamp%.evtx
wevtutil epl Security %BACKUP_PATH%\security_%timestamp%.evtx

rem End of Script

Question by:cgooden01
10 Comments
LVL 43

Expert Comment

by:Steve Knight
From a quick look, in your backup command lines you are specifying the filename; just change it to the path you want, i.e. at the most basic, replace the _ after system, application etc. with a \.

Curious why you want to extract your event logs to backup?

Steve
 
LVL 51

Expert Comment

by:Bill Prew
Give this a try; it should do what you are looking for. It processes a list of the logs to back up, then makes sure the destination directory exists, and sends the event log extract there.

rem Script start here
rem Timestamp Generator

set BACKUP_PATH=D:\logs
set BACKUP_LOGS=System,Application,Security

rem Parse the date (e.g., Thu 02/28/2013)
set cur_yyyy=%date:~10,4%
set cur_mm=%date:~4,2%
set cur_dd=%date:~7,2%

rem Parse the time (e.g., 11:20:56.39)
set cur_hh=%time:~0,2%
if %cur_hh% lss 10 (set cur_hh=0%time:~1,1%)
set cur_nn=%time:~3,2%

rem Set the timestamp format
set timestamp=%cur_yyyy%%cur_mm%%cur_dd%-%cur_hh%%cur_nn%

for %%A in (%BACKUP_LOGS%) do (
  if not exist "%BACKUP_PATH%\%%A\" md "%BACKUP_PATH%\%%A\"
  rem file name is built from the log name (the posted line had "system_" for every log)
  wevtutil epl %%A "%BACKUP_PATH%\%%A\%%A_%timestamp%.evtx"
)

rem End of Script


~bp
 

Author Comment

by:cgooden01
I will try this in the morning. So it is to my understanding that each log will go to its respective folder on D. The purpose of this is for off-line viewing by Security Personnel and also to alleviate the C volume from getting full.

So System Logs will have a System Folder, Application Logs>>Application Folder and Security Logs>>Security folder ..... correct?

If I'm not mistaken (dragon-it), you are saying in place of:

wevtutil epl System D:\Logs\SystemLog\system_%timestamp%.evtx
wevtutil epl Application D:\Logs\ApplicationLog\application_%timestamp%.evtx
etc.......
 
LVL 51

Expert Comment

by:Bill Prew
Yes, that is what my script did.

~bp
 
LVL 43

Expert Comment

by:Steve Knight
Yes, that is what I meant, and as Bill says, what he has done in his script. I was using mobile, as I am now, which is why I didn't copy/paste it all.

All you need to do is make sure those three dirs are already there, or your app extract might make them itself, I don't know off hand.

Bill's script includes making sure dir is there too.

Steve
Author Comment

by:cgooden01
Worked great as advised and anticipated. Now is there a way that I can loop in a clear command to run moments after the backup is accomplished, instead of running another script?

Currently, I have another batch file running 5 minutes later to clear the logs:
wevtutil cl System
wevtutil cl Application
wevtutil cl Security
 
LVL 43

Expert Comment

by:Steve Knight
Just add those commands to the bottom of the above script, i.e. in Bill's script before the line rem End of Script.

There is nothing too magic about batch files, they just run the commands you ask in order.

If you want a pause before the next bit you can do a PING command most easily to pause, i.e. add to the end:

REM Wait approx. 1 minute
PING 127.0.0.1 -n 60 >NUL 2>&1

REM Clear logs
wevtutil cl System
wevtutil cl Application
wevtutil cl Security
 
LVL 51

Accepted Solution

by:
Bill Prew earned 200 total points
Or, using my approach:

rem Script start here
rem Timestamp Generator

set BACKUP_PATH=D:\logs
set BACKUP_LOGS=System,Application,Security

rem Parse the date (e.g., Thu 02/28/2013)
set cur_yyyy=%date:~10,4%
set cur_mm=%date:~4,2%
set cur_dd=%date:~7,2%

rem Parse the time (e.g., 11:20:56.39)
set cur_hh=%time:~0,2%
if %cur_hh% lss 10 (set cur_hh=0%time:~1,1%)
set cur_nn=%time:~3,2%

rem Set the timestamp format
set timestamp=%cur_yyyy%%cur_mm%%cur_dd%-%cur_hh%%cur_nn%

for %%A in (%BACKUP_LOGS%) do (
  if not exist "%BACKUP_PATH%\%%A\" md "%BACKUP_PATH%\%%A\"
  rem file name is built from the log name (the posted line had "system_" for every log)
  wevtutil epl %%A "%BACKUP_PATH%\%%A\%%A_%timestamp%.evtx"
)

rem Wait 10 seconds
ping -n 1 -w 10000 192.0.0.0 >NUL 2>&1

rem Clear the logs
for %%A in (%BACKUP_LOGS%) do (
  wevtutil cl %%A
)

rem End of Script


~bp
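The accepted script above exports each log, sleeps with a ping, and then clears every log unconditionally, so if an export fails (for example because the D: volume is full or the file already exists) the log is still wiped and the events are gone. The following batch file is an added example written for this thread, not Bill's or Steve's code, and it makes two changes that a defender would want: it uses the /bu: option of "wevtutil cl" to write the backup and clear the log in one command (so there is no window between export and clear to bridge with a ping), and it checks wevtutil's exit code and records any failure instead of continuing silently. It also takes the timestamp from WMIC, which returns a fixed yyyymmddHHMMSS format, rather than slicing %date% at positions that depend on the regional date format. The paths, log names and the error log file name are assumptions carried over from the thread.

```batch
@echo off
setlocal EnableDelayedExpansion
rem Added example (not code from the thread). Assumes the same folder layout
rem and log list as the thread; BACKUP_PATH, BACKUP_LOGS and ERRLOG are
rem placeholders you can change.

set "BACKUP_PATH=D:\Logs"
set "BACKUP_LOGS=System,Application,Security"
set "ERRLOG=%BACKUP_PATH%\backup_errors.log"

rem Locale-independent timestamp: WMIC prints yyyymmddHHMMSS.ffffff+zzz,
rem so the result does not depend on how %date% is formatted on this box.
for /f %%I in ('wmic os get localdatetime ^| find "."') do set "ldt=%%I"
set "timestamp=%ldt:~0,8%-%ldt:~8,4%"

if not exist "%BACKUP_PATH%\" md "%BACKUP_PATH%"

for %%A in (%BACKUP_LOGS%) do (
  rem One folder per log, file name built from the log name, e.g.
  rem D:\Logs\Security\Security_20140306-1120.evtx
  if not exist "%BACKUP_PATH%\%%A\" md "%BACKUP_PATH%\%%A"

  rem /bu: backs the log up to the given file and then clears it in one
  rem command; wevtutil will not overwrite an existing backup file, so the
  rem per-minute timestamp keeps each run's file distinct.
  wevtutil cl %%A /bu:"%BACKUP_PATH%\%%A\%%A_%timestamp%.evtx"

  rem Delayed expansion (!errorlevel!) is required inside the parenthesised
  rem loop body; %errorlevel% would be expanded once, before the loop runs.
  if !errorlevel! neq 0 (
    rem Record the failure so the operator knows this log was not archived
    rem as expected; nothing is deleted by hand on error.
    echo %timestamp% %%A: wevtutil cl /bu returned !errorlevel!>>"%ERRLOG%"
  )
)
endlocal
```

Two things to keep in mind when running this on a schedule: the exported .evtx files contain the same data as the live Security log, so the backup folder should carry the same restrictive permissions (administrators and the security staff who review them, nobody else), and clearing the Security log writes an audit event (ID 1102, "The audit log was cleared") into the fresh log. That event is the expected marker of this scheduled job; a reviewer should be able to match each 1102 to a backup file of the same minute, and an unexplained 1102 with no matching file is worth investigating.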
 

Author Comment

by:cgooden01
Worked great! Thanks a bunch. Perfect results and response.
 
LVL 51

Expert Comment

by:Bill Prew
Welcome, glad that helped.

~bp