Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Schedule a Task that will archive event log 1
- Thread starter rmiley
- Start date
vicentealeman
IS-IT--Management
You can select to backup C:\WINDOWS\System32\config\SecEvent.Evt and then erase the file
-
1
- #3
There are some good third-party tools for this task; e.g.
To do it yourself:
1. Make a directory for the backup files (I will use C:\BACKUP.EVT in this example).
2. Download and extract KiXtart from
3. Create the Kix script with notepad in your new backup.evt directory. Name it Event_Backup.kix
; Do the backup of Security log
$RCODE = BackUpEventLog("Security", "C:\BACKUP.EVT")
If @ERROR <> 0
? "Error backup up Security Log."
Endif
; Now clear the existing security log
$RCODE = ClearEventLog("Security")
If @ERROR <> 0
? "Error Clearing Security Log."
Endif
4. To run the script:
Start, Run, kix32
2. Using a REXX script:
To do it yourself:
1. Make a directory for the backup files (I will use C:\BACKUP.EVT in this example).
2. Download and extract KiXtart from
3. Create the Kix script with notepad in your new backup.evt directory. Name it Event_Backup.kix
; Do the backup of Security log
$RCODE = BackUpEventLog("Security", "C:\BACKUP.EVT")
If @ERROR <> 0
? "Error backup up Security Log."
Endif
; Now clear the existing security log
$RCODE = ClearEventLog("Security")
If @ERROR <> 0
? "Error Clearing Security Log."
Endif
4. To run the script:
Start, Run, kix32
2. Using a REXX script:
- Thread starter
- #4
- Thread starter
- #5
Bcastner..I'm sorry to bother you again, but is there any chance you can explain the kix script you showed above. Once it is created in a notepad file, does it need to be renamed with the .kix file extension or can it stay as a .txt?
Also I tried running the script (as a .txt using kix32 driveletter:\path\filename) and I received the following error message:
Script error : expected expression !.
$RCODE = BackUpEventLog("Security", "C:\BACKUP.EVT")
Am I doing something wrong?
Also I tried running the script (as a .txt using kix32 driveletter:\path\filename) and I received the following error message:
Script error : expected expression !.
$RCODE = BackUpEventLog("Security", "C:\BACKUP.EVT")
Am I doing something wrong?
- Thread starter
- #6
1. sorry, this line was truncated in my original response:
To run the script:
Start, Run, kix32
Should read: Start, Run, kix32 Event_Backup.kix
2. Lets make the pathing clearer:
; Do the backup of Security log
$RCODE = BackUpEventLog("Security", "C:\BACKUP.EVT\Seclog.evt")
If @ERROR <> 0
? "Error backup up Security Log."
Endif
; Now clear the existing security log
$RCODE = ClearEventLog("Security")
If @ERROR <> 0
? "Error Clearing Security Log."
Endif
Other notes:
. Remember to use the RunAs facility of scheduled tasks to schedule the job as the local Administrator.
. You can use UNC names and create event logs on remote computers as well. Create a folder on each machine with the same name, e.g. BACKUP.EVT and use UNC naming. (You would need administrative privileges on each machine, or Domain Admin rights):
backupeventlog("\\Server1\system", "c:\BACKUP.EVT\syslog.evt")
BackupEventlog(“\\PDC\Security” , “C:\BACKUP.EVT\seclog.evt”)
A peculiarity is that the event log is always written to the machine that owns the event log.
To run the script:
Start, Run, kix32
Should read: Start, Run, kix32 Event_Backup.kix
2. Lets make the pathing clearer:
; Do the backup of Security log
$RCODE = BackUpEventLog("Security", "C:\BACKUP.EVT\Seclog.evt")
If @ERROR <> 0
? "Error backup up Security Log."
Endif
; Now clear the existing security log
$RCODE = ClearEventLog("Security")
If @ERROR <> 0
? "Error Clearing Security Log."
Endif
Other notes:
. Remember to use the RunAs facility of scheduled tasks to schedule the job as the local Administrator.
. You can use UNC names and create event logs on remote computers as well. Create a folder on each machine with the same name, e.g. BACKUP.EVT and use UNC naming. (You would need administrative privileges on each machine, or Domain Admin rights):
backupeventlog("\\Server1\system", "c:\BACKUP.EVT\syslog.evt")
BackupEventlog(“\\PDC\Security” , “C:\BACKUP.EVT\seclog.evt”)
A peculiarity is that the event log is always written to the machine that owns the event log.
- Status
Similar threads
- Locked
- Question