Solved

How to separate backup path logs

Posted on 2014-03-06
10
421 Views
Last Modified: 2014-03-07
This utility, built in as a command line for Server 2008, works perfectly, besides the fact that it is placed in one folder and not separated, i.e. folders called: application, security, system. Is there a variable that I can place in this command to send each backup to a specified folder?

For example I would like this >>>> wevtutil epl Security %BACKUP_PATH%\security_%timestamp%.evtx to go to D:\Logs\Security etc.

rem Script start here
rem Timestamp Generator

rem No trailing backslash: the wevtutil lines below add their own
set BACKUP_PATH=D:\logs

rem Parse the date (e.g., Thu 02/28/2013)
set cur_yyyy=%date:~10,4%
set cur_mm=%date:~4,2%
set cur_dd=%date:~7,2%

rem Parse the time (e.g., 11:20:56.39)
set cur_hh=%time:~0,2%
if %cur_hh% lss 10 (set cur_hh=0%time:~1,1%)
set cur_nn=%time:~3,2%


rem Set the timestamp format (yyyymmdd-hhnn)
set timestamp=%cur_yyyy%%cur_mm%%cur_dd%-%cur_hh%%cur_nn%

wevtutil epl System %BACKUP_PATH%\system_%timestamp%.evtx
wevtutil epl Application %BACKUP_PATH%\application_%timestamp%.evtx
wevtutil epl Security %BACKUP_PATH%\security_%timestamp%.evtx

rem End of Script


Question by:cgooden01
10 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 39910581
From a quick look, in your backup command lines you are specifying the filename; just change it to the path you want, i.e. at the most basic, replace the _ after system, application etc. with a \.

Curious why you want to extract your event logs to backup?

Steve
0
 
LVL 54

Expert Comment

by:Bill Prew
ID: 39911305
Give this a try, it should do what you are looking for.  It processes a list of the logs to backup and then makes sure the destination directory exists, and sends the eventlog extract there.

rem Script start here
rem Timestamp Generator

set BACKUP_PATH=D:\logs
set BACKUP_LOGS=System,Application,Security

rem Parse the date (e.g., Thu 02/28/2013)
set cur_yyyy=%date:~10,4%
set cur_mm=%date:~4,2%
set cur_dd=%date:~7,2%

rem Parse the time (e.g., 11:20:56.39)
set cur_hh=%time:~0,2%
if %cur_hh% lss 10 (set cur_hh=0%time:~1,1%)
set cur_nn=%time:~3,2%

rem Set the timestamp format
set timestamp=%cur_yyyy%%cur_mm%%cur_dd%-%cur_hh%%cur_nn%

for %%A in (%BACKUP_LOGS%) do (
  rem Create the per-log folder if it is missing
  if not exist "%BACKUP_PATH%\%%A\" md "%BACKUP_PATH%\%%A\"
  rem Name the file after the log being exported, not a fixed "system_" prefix
  wevtutil epl %%A "%BACKUP_PATH%\%%A\%%A_%timestamp%.evtx"
)

rem End of Script


~bp
0
 

Author Comment

by:cgooden01
ID: 39911501
I will try this in the morning. So it is my understanding that each log will go to its respective folder on D. The purpose of this is off-line viewing by Security Personnel and also to keep the C volume from filling up.

So System logs will have a System folder, Application logs >> Application folder and Security logs >> Security folder ..... Correct?

If I'm not mistaken, (dragon-it) you are saying in place of:

wevtutil epl System D:\Logs\SystemLog\system_%timestamp%.evtx
wevtutil epl Application D:\Logs\ApplicationLog\application_%timestamp%.evtx
etc.......
0
 
LVL 54

Expert Comment

by:Bill Prew
ID: 39911515
Yes, that is what my script did.

~bp
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 39911690
Yes, that is what I meant, and as Bill says, what he has done in his script. I was using mobile, as I am now, hence why I didn't copy/paste it all.

All you need to do is make sure those three dirs are already there, or your app extract might make them itself, I don't know off hand.

Bill's script includes making sure dir is there too.

Steve
0
 

Author Comment

by:cgooden01
ID: 39912371
Worked great, as advised and anticipated. Now is there a way that I can loop in a clear command to run moments after the backup is accomplished, instead of running another script?

Currently, I have another batch file running 5 minutes later to clear the logs:
wevtutil cl System
wevtutil cl Application
wevtutil cl Security
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 39912404
Just add those commands to the bottom of the above script, i.e. in Bill's script before the line rem End of Script.

There is nothing too magic about batch files, they just run the commands you ask in order.

If you want a pause before the next bit you can do a PING command most easily to pause, i.e. add to the end:

REM Wait approx. 1 minute (59 one-second gaps between 60 pings to loopback)
PING 127.0.0.1 -n 60 >NUL 2>&1

REM Clear logs
wevtutil cl System
wevtutil cl Application
wevtutil cl Security
0
 
LVL 54

Accepted Solution

by:
Bill Prew earned 200 total points
ID: 39912447
Or, using my approach:

rem Script start here
rem Timestamp Generator

set BACKUP_PATH=D:\logs
set BACKUP_LOGS=System,Application,Security

rem Parse the date (e.g., Thu 02/28/2013)
set cur_yyyy=%date:~10,4%
set cur_mm=%date:~4,2%
set cur_dd=%date:~7,2%

rem Parse the time (e.g., 11:20:56.39)
set cur_hh=%time:~0,2%
if %cur_hh% lss 10 (set cur_hh=0%time:~1,1%)
set cur_nn=%time:~3,2%

rem Set the timestamp format
set timestamp=%cur_yyyy%%cur_mm%%cur_dd%-%cur_hh%%cur_nn%

for %%A in (%BACKUP_LOGS%) do (
  rem Create the per-log folder if it is missing
  if not exist "%BACKUP_PATH%\%%A\" md "%BACKUP_PATH%\%%A\"
  rem Name the file after the log being exported, not a fixed "system_" prefix
  wevtutil epl %%A "%BACKUP_PATH%\%%A\%%A_%timestamp%.evtx"
)

rem Wait 10 seconds (one ping to an address that does not answer, -w is the timeout in ms)
ping -n 1 -w 10000 192.0.0.0 >NUL 2>&1

rem Clear the logs
for %%A in (%BACKUP_LOGS%) do (
  wevtutil cl %%A
)

rem End of Script


~bp
0
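As an added example (not code from the thread, and not from either of the answerers): the same per-log folder layout that Bill's script produces, but with the export and the clear done by a single wevtutil cl /bu: call, and with the timestamp read from WMI so that the offsets do not depend on the regional short date format. BACKUP_PATH, the log list and the D:\logs layout are assumptions carried over from the question; wmic is present on Server 2008 but is deprecated on current Windows releases.

```batch
@echo off
setlocal

rem Added example, not from the thread. BACKUP_PATH and BACKUP_LOGS are
rem the values assumed from the question; adjust to taste.
set "BACKUP_PATH=D:\logs"
set "BACKUP_LOGS=System,Application,Security"

rem Locale-independent timestamp: WMI LocalDateTime is always
rem yyyymmddHHMMSS.ffffff+zzz, so fixed offsets are safe here.
for /f "tokens=2 delims==" %%T in ('wmic os get LocalDateTime /value') do set "LDT=%%T"
set "timestamp=%LDT:~0,8%-%LDT:~8,4%"

for %%A in (%BACKUP_LOGS%) do (
  rem One folder per log, created on first run
  if not exist "%BACKUP_PATH%\%%A\" md "%BACKUP_PATH%\%%A\"
  rem /bu: writes the backup file and clears the live log in one operation,
  rem so no event can be recorded between the export and the clear.
  wevtutil cl %%A /bu:"%BACKUP_PATH%\%%A\%%A_%timestamp%.evtx"
  if errorlevel 1 echo wevtutil cl %%A returned an error, check the backup for %%A >&2
)

endlocal
```

Because the backup and the clear are one operation, the ping-based pause from the thread is no longer needed. Clearing the Security log records event ID 1102 in the Security log, and clearing System or Application records event ID 104 in the System log, so a detection rule that alerts on log clearing should expect those events from the scheduled task's account at the scheduled time and still flag any other occurrence. The exported .evtx files contain the same sensitive data as the live Security log, so restrict the ACL on D:\logs accordingly.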
 

Author Comment

by:cgooden01
ID: 39912681
Worked great! Thanks a bunch. Perfect results and response.
0
 
LVL 54

Expert Comment

by:Bill Prew
ID: 39912765
Welcome, glad that helped.

~bp
0

Question has a verified solution.