Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Schedule a Task that will archive event log 1

Status
Not open for further replies.
rmiley

rmiley

MIS
Apr 11, 2003
66
US
Is there anyway to use Windows task Scheduler to schedule a taks that will save an event log (specifically the Security Log) and then clear the log? If so does, anyone know how I could do it?
 
Sort by date Sort by votes
You can select to backup C:\WINDOWS\System32\config\SecEvent.Evt and then erase the file
 
Upvote 0 Downvote
There are some good third-party tools for this task; e.g.
To do it yourself:

1. Make a directory for the backup files (I will use C:\BACKUP.EVT in this example).

2. Download and extract KiXtart from
3. Create the Kix script with notepad in your new backup.evt directory. Name it Event_Backup.kix

; Do the backup of Security log
$RCODE = BackUpEventLog("Security", "C:\BACKUP.EVT")
If @ERROR <> 0
? "Error backup up Security Log."
Endif

; Now clear the existing security log
$RCODE = ClearEventLog("Security")
If @ERROR <> 0
? "Error Clearing Security Log."
Endif

4. To run the script:

Start, Run, kix32





2. Using a REXX script:
 
Upvote 0 Downvote
Thank you bcastner...this is exactly what I've been searching for. I found the third party tools you mentioned along with a couple others, but I was really wanting to script it myself.

Thanks for the link to the REXX script!
 
Upvote 0 Downvote
Bcastner..I'm sorry to bother you again, but is there any chance you can explain the kix script you showed above. Once it is created in a notepad file, does it need to be renamed with the .kix file extension or can it stay as a .txt?

Also I tried running the script (as a .txt using kix32 driveletter:\path\filename) and I received the following error message:

Script error : expected expression !.
$RCODE = BackUpEventLog("Security", "C:\BACKUP.EVT")

Am I doing something wrong?
 
Upvote 0 Downvote
Sorry just re-read your post...it needs to be named Backup_Event.kix so that answers one of my questions, but I still get the error message:

Script error : expected expression !.
$RCODE = BackUpEventLog("Security", "C:\BACKUP.EVT")
 
Upvote 0 Downvote
1. sorry, this line was truncated in my original response:
To run the script:

Start, Run, kix32
Should read: Start, Run, kix32 Event_Backup.kix

2. Lets make the pathing clearer:

; Do the backup of Security log
$RCODE = BackUpEventLog("Security", "C:\BACKUP.EVT\Seclog.evt")
If @ERROR <> 0
? "Error backup up Security Log."
Endif

; Now clear the existing security log
$RCODE = ClearEventLog("Security")
If @ERROR <> 0
? "Error Clearing Security Log."
Endif

Other notes:

. Remember to use the RunAs facility of scheduled tasks to schedule the job as the local Administrator.

. You can use UNC names and create event logs on remote computers as well. Create a folder on each machine with the same name, e.g. BACKUP.EVT and use UNC naming. (You would need administrative privileges on each machine, or Domain Admin rights):

backupeventlog("\\Server1\system", "c:\BACKUP.EVT\syslog.evt")
BackupEventlog(“\\PDC\Security” , “C:\BACKUP.EVT\seclog.evt”)

A peculiarity is that the event log is always written to the machine that owns the event log.


 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

VicM
  • Locked
  • Question
Task Scheduler message persistence?
Replies
3
Views
226
VicM
VicM
Deniall
  • Locked
  • Question
AutoHotKey for a very simple task 1
Replies
5
Views
295
Deniall
Deniall
Flinx
  • Locked
  • Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
581
Flinx
Flinx
hamburg18w
  • Locked
  • Question
Task Host is Stopping the Shutdown
Replies
1
Views
390
Ign3us
Ign3us
Sebastian42
  • Locked
  • Question
Possibly a timing problem
Replies
3
Views
920
Rick998
Rick998

Part and Inventory Search

Sponsor

Back
Top