Backup Security Event Log

[BB69]

Hello,

Is there a way to backup the Security event log? I have tried with the script below but it does not work. I get an access denied error. I am assuming I would need to pass a username and password in the script to access the security log but I don't know how to do that. Also, I would like have it save with a date format on each day without having to modify the script each time. E.g. secYYYYMMMdd.evt. I plan to use the scheduling service to backup the file each day.

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Backup)}!\\" & _
strComputer & "\root\cimv2")

Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile where LogFileName='Security'")

For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog("E:\test\VBscript\eventlog\security.evt")
If errBackupLog <> 0 Then
Wscript.Echo "The security event log could not be backed up."
End If
Next

Any help would be appreciated.

Thanks
Brian.

 

[BB69]

I found how add the date on the file.

dtmThisDay = Day(Date)
dtmThisMonth = Month(Date)
dtmThisYear = Year(Date)
strBackupName = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay

and when saving the file use
errBackupLog = objLogFile.BackupEventLog("E:\test\VBscript\eventlog\sec" & strBackupName & .evt")

Also changing this line allows me to read information from the security log but I am still not able to save it.
impersonationLevel=impersonate,(security)

What am I missing to backup the log.

Brian.

 

[BB69]

I got it.

I had to change this line.
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Backup,security)}!\\" & _
strComputer & "\root\cimv2")

Also, on the line below I forgot a quotation mark.
errBackupLog = objLogFile.BackupEventLog("E:\test\VBscript\eventlog\sec" & strBackupName & ".evt")

Brian.