Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is it possible to automatically back up the Event Logs? 1

Status
Not open for further replies.
AJZnSD

AJZnSD

IS-IT--Management
Nov 19, 2003
21
US
Hello All,

Has anyone seen or know of a program that is capable of Backing up the Event logs automatically within 2k or 2k3?

Thanks in advance,

AJZ
 
Sort by date Sort by votes
I have a script that i use to dump security logs to a network share. You will need to put in a few mods for your environment, but here it is:

Option Explicit
'On Error Resume Next

'Define Variables
Dim strMachine
Dim strArchivePath
Dim strDate
Dim strMoniker
Dim objWMIService
Dim colLogFiles
Dim objLogFile
Dim errBackupLog
Dim objFs
Dim objNetwork
Dim strLocalArchive
Dim strErrorLog
Dim errlog
Dim drv

Const ForReading = 1
Const ForWriting = 2
Const TriStateFalse = 0

drv = "L:"
Set objNetwork = CreateObject("WScript.Network")
Set objFs = CreateObject("Scripting.FileSystemObject")
strMachine = objNetwork.ComputerName
strLocalArchive = "C:\" & makeFileName()
If (objFs.DriveExists(drv)) Then
objNetwork.RemoveNetworkDrive drv
Else
objNetwork.MapNetworkDrive drv,"\\PUTYOURSERVERHERE\SHARENAME"
End If
strArchivePath = drv & "\"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & strMachine & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile where LogFileName='Security'")
For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog(strLocalArchive)
If errBackupLog <> 0 Then
strErrorLog = "C:\Error-" & strMachine & "-" & Month(Now) & "-" & Day(Now) & "-" & Year(Now) & "-"& Hour(Now) & "-"& Minute(Now) & ".log"
Set errlog = objFs.OpenTextFile(strErrorLog, ForWriting, True)
errlog.WriteLine "an error occured backing up the security logs on " & strMachine
errlog.Close
objFs.MoveFile strErrorLog,strArchivePath
Else
objLogFile.ClearEventLog()
objFs.MoveFile strLocalArchive,strArchivePath
End If
Next
objNetwork.RemoveNetworkDrive drv

Function makeFileName()
makeFileName = strMachine & "-Security-" & Month(Now) & "-" & Day(Now) & "-" & Year(Now) & "-"& Hour(Now) & "-"& Minute(Now) & ".evt"
End Function

~Intruder~
CEH, MCSA/MCSE 2000/2003

"The Less You Do, The Less Can Go Wrong" :)
 
Upvote 0 Downvote
NetIntruder,
Thanks for the post! I will give this a shot.

AJZ
 
Upvote 0 Downvote
be aware that i have the script set to export then clear the log - this may or may not be what you want... adjust accordingly!!!

~Intruder~
CEH, MCSA/MCSE 2000/2003

"The Less You Do, The Less Can Go Wrong" :)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC &amp; Adding back to our Network
Replies
0
Views
360
DTGMI
DTGMI
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
783
gbaughma
gbaughma
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
174
RRankin355
RRankin355
juniper911
  • Locked
  • Question
Smartcard PIN Cache - is it configurable?
Replies
0
Views
136
juniper911
juniper911
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
404
mangentle
mangentle

Part and Inventory Search

Sponsor

Back
Top