Signalsoldier74b
MIS
I am trying to write a script that looks for “Account Management” events in the security log and backs up the log if any are found. I have 2 problems with my script.
1. My log manipulation function should be a subroutine, but when I make it a sub I get an error that says that you cannot use parentheses when calling a sub. That is a minor annoyance, and I can get over it by calling it a function, but if you know how to fix that I would appreciate it.
2. The main problem that I have is that when I call the log backup function and pass it a path for the backup, the function will back up the log to the wrong server. It puts the backup on the remote server that I am connecting to with WMI instead of the local server that I am running the script from. This is a big problem because we already have some disk space issues with some of our servers. I have also tried to use a UNC like \\servername\c$\logs, but when I do that I get an error 5, whatever that means. Please look at my script below and tell me what I am doing wrong. Any help I can get will be appreciated.
Thanks,
JRS
Code:
'declare variables
Dim objfso, OutputFile, strComputer
On Error Resume Next
SavedLogFilePath = "\\Server\C$\Documents and Settings\User\Desktop\Archived Event Logs\"
Set objfso = WScript.CreateObject("scripting.filesystemobject")
' make sure folders exist
If Not objfso.FolderExists(SavedLogFilePath) Then
    objfso.CreateFolder(SavedLogFilePath)
End If
strComputer = "Ino0w005"
BackingUpSecLog = BackupSecLog(strComputer, SavedLogFilePath)

Function BackupSecLog(ServerName, SavePath)
    'declare variables
    Dim objWMIService, cLogFiles, oLogfile, errBackupLog
    'connect to the WMI provider
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate,(Backup, Security)}!\\" & _
        ServerName & "\root\cimv2")
    'query the Security logs
    Set cLogFiles = objWMIService.ExecQuery _
        ("Select * from Win32_NTEventLogFile where LogFileName='Security'")
    Dim oLogfileSaveName
    oLogfileSaveName = SavePath & ServerName & " Security Log (" & Replace(CStr(Date()), "/", "-") & ").evt"
    WScript.Echo("Function SavePath = " & oLogfileSaveName)
    'go through the collection of logs
    For Each oLogfile in cLogFiles
        'back up the log to a file
        errBackupLog = oLogfile.BackupEventLog _
            (oLogfileSaveName)
        'see if an error occurred
        If errBackupLog <> 0 Then
            'one did - display an error
            WScript.Echo("Couldn't get log from " & ServerName)
            If errBackupLog = 8 Then
                errBackupLogText = "Privilege missing"
            Elseif errBackupLog = 21 Then
                errBackupLogText = "Invalid parameter"
            Elseif errBackupLog = 183 Then
                errBackupLogText = "Archive file name already exists"
            End If
            WScript.Echo("Error was " & errBackupLog & ":" & errBackupLogText)
        End If
    Next
End Function
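
Added example, not part of the original post: the path passed to BackupEventLog is resolved on the server the WMI connection points at, and error 5 is the Windows "access denied" code, so this sketch backs the log up to a folder on that server, pulls the file across the administrative share, and deletes the remote copy. It is written as a Sub called without parentheses. The folder names (C:\Temp\, C:\Archived Event Logs\) and the use of the C$ share are assumptions, and the account running the script is assumed to have administrative rights on the remote server.

```vbscript
Option Explicit

' Added example; folder names and the C$ share are assumptions.
Const REMOTE_TEMP = "C:\Temp\"                  ' must already exist on the remote server
Const LOCAL_ARCHIVE = "C:\Archived Event Logs\" ' folder on the machine running the script

Dim objFso
Set objFso = CreateObject("Scripting.FileSystemObject")
If Not objFso.FolderExists(LOCAL_ARCHIVE) Then objFso.CreateFolder LOCAL_ARCHIVE

' A Sub is called without parentheses (or with the Call keyword)
BackupSecLog "Ino0w005", LOCAL_ARCHIVE

Sub BackupSecLog(ServerName, LocalFolder)
    Dim objWMIService, cLogFiles, oLogfile, rc, fileName, remoteUnc
    fileName = ServerName & " Security Log (" & _
               Replace(CStr(Date()), "/", "-") & ").evt"
    Set objWMIService = GetObject("winmgmts:" & _
        "{impersonationLevel=impersonate,(Backup, Security)}!\\" & _
        ServerName & "\root\cimv2")
    Set cLogFiles = objWMIService.ExecQuery( _
        "Select * from Win32_NTEventLogFile where LogFileName='Security'")
    For Each oLogfile In cLogFiles
        ' This path is resolved on ServerName, not on the calling machine
        rc = oLogfile.BackupEventLog(REMOTE_TEMP & fileName)
        If rc <> 0 Then
            WScript.Echo "Backup failed on " & ServerName & ", error " & rc
        Else
            ' Pull the file over the administrative share, then free the remote disk space
            remoteUnc = "\\" & ServerName & "\C$\Temp\" & fileName
            objFso.CopyFile remoteUnc, LocalFolder & fileName, False
            objFso.DeleteFile remoteUnc
            WScript.Echo "Saved " & LocalFolder & fileName
        End If
    Next
End Sub
```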