Backing Up Security Log from Event Viewer

[zalaska]

Hello. I am trying to backup the security log from the event viewer. I found a script from someone else, but still can not get it to work. I keep getting the Wscript.Echo "The security event log could not be backed up.". Would anyone be able to look at the script below to see if anything is missing, or have an idea why I cannot get the security log to back up? Thanks..



strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Backup,security)}!\\" & _
strComputer & "\root\cimv2")

Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile where LogFileName='Security'")

dtmThisDay = Day(Date)
dtmThisMonth = Month(Date)
dtmThisYear = Year(Date)
strBackupName = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay

For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog("c:\test" & strBackupName & ".evt")
If errBackupLog <> 0 Then
Wscript.Echo "The security event log could not be backed up."
End If
Next

 

[sparkbyte]

Check your security level. If you are not a local admin you may not have the rights to read the security logs through WMI. Also make sure the path to the saved logs exists.

You might also look at this
thread329-1334328
I worked on this a while back to send event logs to an SQL server that then can be parsed and custom reports created.

Thanks

John Fuhrman
faq329-6766
thread329-1334328
thread329-1424438

 

[mrmovie]

i seem to recall running into an issue with eventlogs and permissions in the past, memory doesnt serve me very well but i recall just removing the impersonation level text from the moniker string fixed the issue....i might be talking pony though