No announcement yet.

Script to schedule save event log

  • Filter
  • Time
  • Show
Clear All
new posts

  • Script to schedule save event log


    I want to save Event log ( including Event log in Domain Controller : DNS, Active Directory) automatically. Ex : Daily, Application log will be export to app_%date%.log (that mean, on 05/27/2007, the file should be app_052707.log )
    I tried google and found some Microsoft tools such as : dumpel.exe, elogdmp.exe ( actually, I couldn't find anywhere to download elogdmp.exe), psloglist.exe, ... but I can't schedule them to backup event log as my requirement.

    Anyone did have the same problem and solved it, please share your experience.

    Thanks so much.

    P/S: it seems that dumpel.exe didn't support DNS log and Active Directory log, so please tell me where can I don't load elogdmp.exe ???
    Love in vain is better than love no one.

  • #2
    Re: Script to schedule save event log

    A script like this one perhaps?

    (The script you can find there is however in-complete. It looks to me someone made some wrong changes afterwards. For instance in the text they write about an ini-file that should contain the names of the computers for the script to query, but the script that is published is not looking for such an inputfile at all, it just uses only the one computername thats written in the script. An otherthing is that apparently the script should write also its own resultlog during its process, but that part of the code is causing an error now. And at last there is one line that was broken the wrong way. I fixed those three problems in the copy below.)

    'name of this script: logarchive.vbs
    '- (search: Logs)
    strArchiveFolder = "C:\BckEvt"
    ServerName = "SrvDC001"
    Set WS = CreateObject("Wscript.Shell")
    Set FSO = CreateObject("Scripting.FileSystemObject")
    DateString = CurrentDate()
    Purge = False   '<---  I changed it to F for testing, it should be*: Purge = True
    on error resume next
    StartTime = Now
    Output "---------------------------------"
    OutPut "Started at: " & CStr(Now)
    Output ""
    Set System = GetObject("winmgmts:{(Backup,Security)}\\" & ServerName & _
    If Err.Number = 0 Then
      Set colLogs = System.ExecQuery("select * from Win32_NTEventLogFile",,48)
      For Each refLog In colLogs
           LogName = ServerName& "_" & LogFileName(refLog.LogFileName) & _
           "_" & DateString
      If FSO.FileExists(strArchiveFolder & "\" & LogName & ".evt") Then _
         FSO.DeleteFile(strArchiveFolder & "\" & LogName & ".evt")
      If Purge Then
          RetVal = reflog.ClearEventlog(strArchiveFolder & "\" & LogName & ".evt")
           RetVal = reflog.BackupEventlog(strArchiveFolder & "\" & LogName & ".evt")
      End If
         If RetVal = 0 Then
            Output vbTab & "Log was archived in .evt format: " & LogName & ".evt"
             If Purge Then Output vbTab & "All events were cleared from the log"
            Output vbTab & "Error while archiving in .evt format."
         End If
      Output vbTab & "Failed connect to the server"
    End If
    Set colLogs = Nothing
    Set refLogs = Nothing
    Set System = Nothing
    Output "----------------------------------------"
    OutPut "Finished at: " & CStr(Now)
    Output ""
    Output ""
    Set WS = Nothing
    '  FullLog.Close  ???FullLog=unknown 
    Set FullLog = Nothing
    Set FSO = Nothing
    Function CurrentDate
      Today = Date
      If Month(Today) < 10 Then
        CurrentDate = "0" & CStr(Month(Today))
        CurrentDate = CStr(Month(Today))
      End If
      If Day(Today) < 10 Then
        CurrentDate = CurrentDate & "0" & CStr(Day(Today))
        CurrentDate = CurrentDate & CStr(Day(Today))
      End If
      CurrentDate = CurrentDate & CStr(Year(Today))
      If Hour(Time) < 10 Then
        CurrentDate = CurrentDate & "0" & CStr(Hour(Time))
        CurrentDate = CurrentDate & CStr(Hour(Time))
      End If
    End Function
    Function LogFileName(LogName)
      Select Case LogName
        Case "Application"
               LogFileName = "app"
        Case "Directory Service"
               LogFileName = "dir"
        Case "DNS Server"
               LogFileName = "dns"
        Case "File Replication Service"
               LogFileName = "rep"
        Case "Security"
               LogFileName = "sec"
        Case "System"
               LogFileName = "sys"
      End Select
    End Function
    Sub Output(Text)
    '  wscript.echo text
    '    FullLog.writeline text  ???FullLog=unknown
    End Sub
    How to use it:
    - Create a folder C:\BckEvt (that is the foldername the script is looking for!)
    - Paste the script to this folder
    - The backupfile will be written here too
    - Run the script as domain\administrator

    What is does is:
    - it connect to the computer
    - creates backup-files (in *.evt format) of all the default eventlogs (including the special DC logs)
    - naming the backupfiles: computername_logname_dateh.evt
    - and clears the current logs (* Purge = True) to assure events will be backuped only once. (!)

    The archivefiles can be opend by using the Eventviewer

    Important note:
    This script is written to execute it only 'once a Day' OR 'once per Hour'! DO NOT run it in other frequencies otherwise events WILL be lost! because the previous backupfile which has the same name (maches day/hour) will then be overwritten.


    EDIT -
    more examples from the microsoft site:
    Last edited by Rems; 19th June 2007, 12:03.

    This posting is provided "AS IS" with no warranties, and confers no rights.


    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts


    • #3
      Re: Script to schedule save event log

      Originally posted by Rems View Post
      A script like this one perhaps?
      **** Edited by Dumber. No need to quote so much info. ****
      That's so great. Thank you so much. I will try. I'm not good at script so don't know how to make a script like that. Thank again.
      Last edited by Dumber; 1st June 2007, 15:14.
      Love in vain is better than love no one.