how to Save only some events in event log

[TheALL]

i need to save certainly events fron event log in a determinate data

First i use simple microsoft example to test backup
-----------------------------------------------
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Backup)}!\\" & _
strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='Application'")
For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog("C:\Documents and Settings\Lorenzo_Baccioli\Desktop\application.evt")
Next
----------------------------------------------------
this save exact copy of application or security or system


Second i try to find and read certainly events in a determinate date
-------------------------------------------------------
Const CONVERT_TO_LOCAL_TIME = True
Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime")
DateToCheck = CDate("31/12/2004")
dtmStartDate.SetVarDate DateToCheck, CONVERT_TO_LOCAL_TIME
dtmEndDate.SetVarDate DateToCheck + 1, CONVERT_TO_LOCAL_TIME
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
& dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")
For each objEvent in colEvents
' Wscript.Echo "Category: " & objEvent.Category
' Wscript.Echo "Computer Name: " & objEvent.ComputerName
Wscript.Echo "Event Code: " & objEvent.EventCode
' Wscript.Echo "Message: " & objEvent.Message
' Wscript.Echo "Record Number: " & objEvent.RecordNumber
' Wscript.Echo "Source Name: " & objEvent.SourceName
' Wscript.Echo "Time Written: " & objEvent.TimeWritten
' Wscript.Echo "Event Type: " & objEvent.Type
' Wscript.Echo "User: " & objEvent.User
' Wscript.Echo objEvent.LogFile
Next
-----------------------------------------------------

this show me all system,application and security events in that date.

now i need an help to merge those script and save in a backup application,system or security evt file ,with only the events i choise in a determinate date.

Is possible?

 

[PHV]

Something like this ?
Set colLogFiles = objWMIService.ExecQuery _
("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='Application' AND TimeWritten >= '" _
& dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'")

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ222-2244

 

[TheALL]

not work
already try it
one use Win32_NTEventLogFile
and one use Win32_NTLogEvent
i see those have different function

 

[PHV]

OOps, sorry.
Perhaps this ?
For Each objLogfile in colLogFiles
Set colEvents = objWMIService.ExecQuery _
("Select * from Win32_NTLogEvent Where TimeWritten >= '" _
& dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'" _
& Logfile='" & objLogFile.FileName & "." & objLogFile.Extension & "'" )
...

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ222-2244

 

[TheALL]

no error but seems not backup only file i want but always all.
maybe changing the command of saving?
errBackupLog = objLogFile.BackupEventLog("....")