Sunday, December 27, 2009

Script for Event log backup and clearing:

The below is the simple script for backing up and clearing the event logs.

###########################################################################################
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
& strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile where LogFileName='Security'")
For Each objLogfile in colLogFiles
OutputFile = "c:\eventlog\" & "Security "
OutputFile = OutputFile & Day(Now) & "-" & month(now) & "-" & year(now)
OutputFile = OutputFile & ".evt"
errBackupLog = objLogFile.BackupEventLog(OutputFile)
If errBackupLog = 0 Or errBackupLog = 183 Then
objLogFile.ClearEventLog()
Else
Wscript.Echo "The Security event log could not be backed up."
End If
Next
###########################################################################################

In the above, you can specify the log file type accordingly and also specify the location where the event log .evt file will be stored. After taking the backup of the event log, it will clear the event log.

Thanks

Logan

971552596187 | logu_microsoft@hotmail.com

No comments: