1. sorry, this line was truncated in my original response:
To run the script:
Start, Run, kix32
Should read: Start, Run, kix32 Event_Backup.kix
2. Lets make the pathing clearer:
; Do the backup of Security log
$RCODE = BackUpEventLog("Security", "C:\BACKUP.EVT\Seclog.evt")
If @ERROR <> 0
? "Error backup up Security Log."
Endif
; Now clear the existing security log
$RCODE = ClearEventLog("Security")
If @ERROR <> 0
? "Error Clearing Security Log."
Endif
Other notes:
. Remember to use the RunAs facility of scheduled tasks to schedule the job as the local Administrator.
. You can use UNC names and create event logs on remote computers as well. Create a folder on each machine with the same name, e.g. BACKUP.EVT and use UNC naming. (You would need administrative privileges on each machine, or Domain Admin rights):
backupeventlog("\\Server1\system", "c:\BACKUP.EVT\syslog.evt")
BackupEventlog(“\\PDC\Security” , “C:\BACKUP.EVT\seclog.evt”)
A peculiarity is that the event log is always written to the machine that owns the event log.