
security log file export required


  • security log file export required

    Hi Gurus

    I am new to this forum, so apologies in advance if this sounds like a stupid question. I have a requirement which I am trying to solve using.
    What I want to do is collect the security logs from all the servers in the domain, that are listed in a file and save the logs, with unique names on to a folder. Can this be achieved by any existing utility or with a script? If you can please get me a script that will be great. I am not very good with vbs and hence am struggling. My environment contains a mixture of 2003/2008 servers and there are approximately 100 servers so I don't particularly fancy going into each server and then saving the log. That will take a long time. I want to save the logs in the .evt and .evtx format. Is it a possibility at all?

    Any help will be greatly appreciated!!!
    Thanks in advance.

    Regards

  • #2
    Re: security log file export required

    I have deleted your identical thread in the Windows Scripting forum.

    Powershell will do the trick -- I had something similar but exported to CSV (If I find the script I will post it). Ran as a scheduled job on each server and then another job copied the logs to a central store.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: security log file export required

      Originally posted by Ossian
      I have deleted your identical thread in the Windows Scripting forum.

      Powershell will do the trick -- I had something similar but exported to CSV (If I find the script I will post it). Ran as a scheduled job on each server and then another job copied the logs to a central store.
      Code:
      Get-EventLog -LogName Security -ComputerName servername | Export-Csv logs.csv
      That should give you enough hints to get you started.



      • #4
        Re: security log file export required

        Hi Ossian and wullieb

        Thank you so much for your response.

        Ossian, I apologize for the redundancy. I thought I have submitted the two threads under two different topics to get better coverage. As mentioned before, this is my first time posting in this forum so it was an honest mistake. I apologize again.
        Wullieb, thanks again for the help. However the issues here are that I am dealing with approximately 100 servers here. So I have to do this command 100 times. So ideally, if there was a script which can read the names of the servers from a file, csv or text, and then perform the action, it will be ideal. The second issue is that I need the events to be saved as evt or evtx. This is because I need these logs to be parsed by another application which can only read evt or evtx format. So what I want to do is to get the log files from the servers and copy to a share accessible by the servers. Is there a way the get-eventlog or anything else that can do that? I am sure somebody must have faced this issue before.

        Thanks again for your help. It is much appreciated.

        Regards,



        • #5
          Re: security log file export required

          Code:
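          ' Back up the local Application event log to an .evt file through WMI.
          ' (Backup) in the moniker enables the backup privilege for the call.
          strComputer = "."
          Set objWMIService = GetObject("winmgmts:" _
              & "{impersonationLevel=impersonate,(Backup)}!\\" & _
                  strComputer & "\root\cimv2")
          Set colLogFiles = objWMIService.ExecQuery _
              ("Select * from Win32_NTEventLogFile " _
                  & "Where LogFileName='Application'")
          For Each objLogfile in colLogFiles
              ' BackupEventLog returns 0 on success and a non-zero code on failure
              errBackupLog = objLogFile.BackupEventLog( _
                  "c:\scripts\application.evt")
              If errBackupLog = 0 Then
                  WScript.Echo "File saved as c:\scripts\application.evt"
              Else
                  WScript.Echo "Backup failed with error " & errBackupLog
              End If
          Next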
          from here http://msdn.microsoft.com/en-us/libr...(v=vs.85).aspx should do exactly what you want



          • #6
            Re: security log file export required

            Hi wullieb1

            Thanks again for your prompt reply. I am a novice when it comes to vbs and that is why I might be mistaken. Please pardon my ignorance but doesn't this script need to be run individually on each of the servers? Also how do I specify the name of the input text file? Also I ran the vbs file on cmd with cscript and I got the message that the files have been saved in the folder, but that folder hasn't been created.
            As I said I am a novice.

            Thanks again in advance



            • #7
              Re: security log file export required

              Originally posted by dips
              Hi wullieb1

              Thanks again for your prompt reply. I am a novice when it comes to vbs and that is why I might be mistaken. Please pardon my ignorance but doesn't this script need to be run individually on each of the servers? Also how do I specify the name of the input text file? Also I ran the vbs file on cmd with cscript and I got the message that the files have been saved in the folder, but that folder hasn't been created.
              As I said I am a novice.

              Thanks again in advance
              In its current form yes it will need to be run on each server. You need to investigate arrays in VB and either get all the servers in your domain or load them from a text file and run it from there. You could also hardcode them in the script if required.

              http://www.tizag.com/vbscriptTutoria...riptarrays.php

              If the folders and files don't exist then use the FileSystemObject to create them for you.

              http://www.computerperformance.co.uk...der_create.htm

              I won't write the script for you as you will not learn anything but will point you in the right direction.

              There are tons of websites available that will help you learn VBS to administer your servers.

              In all honesty though it would be much more beneficial for a scripting newbie to look into PowerShell.



              • #8
                Re: security log file export required

                Hi wullieb

                Thanks for your response. I will definitely look into the sites and let you know how I went.
                I appreciate your stance on this. The only reason I wanted a quick resolution is that as is the case, I was told yesterday that I have to do this tomorrow. I did try to whip something up all day yesterday, and after trying many things and failing, including some sysinternal tools came to this site to seek for help as I saw some similar posts. As is the case usually, if I had the time to learn something I probably would. However that is the big if!!!
                Also with powershell, I tried writing a few and I faced the same problem there.

                Thanks again for your help thus far. It is much appreciated.

                Regards,



                • #9
                  Re: security log file export required

                  Originally posted by dips
                  Hi wullieb

                  Thanks for your response. I will definitely look into the sites and let you know how I went.
                  I appreciate your stance on this. The only reason I wanted a quick resolution is that as is the case, I was told yesterday that I have to do this tomorrow. I did try to whip something up all day yesterday, and after trying many things and failing, including some sysinternal tools came to this site to seek for help as I saw some similar posts. As is the case usually, if I had the time to learn something I probably would. However that is the big if!!!
                  Also with powershell, I tried writing a few and I faced the same problem there.

                  Thanks again for your help thus far. It is much appreciated.

                  Regards,
                  In all honesty it shouldn't take you too long to work it out. I've given you pretty much everything that you need to knock something up. It doesn't have to be the best script just functional, that's how mine usually are LOL.



                  • #10
                    Re: security log file export required

                    *sigh*

                    look, wullie, could you just WRITE The script for him please? then save it on a DVD, and get it couriered to him.

                    It's clearly important.
                    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif



                    • #11
                      Re: security log file export required

                      Originally posted by tehcamel
                      *sigh*

                      look, wullie, could you just WRITE The script for him please? then save it on a DVD, and get it couriered to him.

                      It's clearly important.
                      Let me think about that............

                      No



                      • #12
                        Re: security log file export required

                        Originally posted by tehcamel
                        *sigh*

                        look, wullie, could you just WRITE The script for him please? then save it on a DVD, and get it couriered to him.

                        It's clearly important.
                        Surely it should be hand delivered, installed and tested, then a year of free on-site support provided?

                        @Dips -- we are not being horrible to you, but Wullie made a very valid point that you will need to learn what to do for yourself, so you will get lots of pointers.

                        If the timescale is really short, testing the powershell you were given and setting up a scheduled task manually won't take forever -- I had about a 10 line powershell script which would run on a server, copy standard scripts from the network and set up the jobs (I just can't find it at present otherwise I would post a copy)
                        Last edited by Ossian; 5th April 2013, 06:21.



                        • #13
                          Re: security log file export required

                          here's another quick way to do it:

                          wevtutil CL Security /BU:\Maintenance\EventLogs\Security.evtx

                          schedule it on each computer (that will CLEAR and backup, not just clear)

                          You could expand it out a bit by making it use a date-encoded file name -%Date%-Security.evtx or %date%-%hostname%-Security.evtx

                          then have another script that runs from your central server, and pulls it over the network from each server



                          • #14
                            Re: security log file export required

                            I haven't tried the code myself, but something like this should give you the inspiration I think

                            Code:
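                            # Read one server name per line from the list file
                            $AllServers = Get-Content c:\temp\servers.txt
                            
                            foreach ($servername in $AllServers) {
                                 # Export each server's Security log to its own CSV file
                                 Get-EventLog -LogName Security -ComputerName $servername | Export-Csv "${servername}Securitylogs.csv"
                            
                            }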
                            Marcel
                            Technical Consultant
                            Netherlands
                            http://www.phetios.com
                            http://blog.nessus.nl

                            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                            "No matter how secure, there is always the human factor."

                            "Enjoy life today, tomorrow may never come."
                            "If you're going through hell, keep going. ~Winston Churchill"

                            Comment
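
One way to do the collection the thread is working toward, as an added example that is not part of any post: it reads the server list, has each server back up its Security log over WMI (the BackupEventLog call from post #5) under a unique name, and pulls the file to a central folder. It assumes Windows PowerShell with Get-WmiObject, an account with administrative rights on every server, and the hypothetical paths D:\CollectedLogs and C:\Windows\Temp.

```powershell
# Added example: the central and staging paths below are assumptions, not from the thread.
$ServerList = 'C:\temp\servers.txt'   # one server name per line (path used in post #14)
$CentralDir = 'D:\CollectedLogs'      # assumed folder on the collecting machine
$RemoteDir  = 'C:\Windows\Temp'       # assumed staging folder present on every server

if (-not (Test-Path $CentralDir)) { New-Item -ItemType Directory -Path $CentralDir | Out-Null }
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

foreach ($server in (Get-Content $ServerList | Where-Object { $_.Trim() })) {
    $server = $server.Trim()
    try {
        # Server 2003 (version 5.x) writes the legacy .evt format; 2008 and later write .evtx
        $os   = Get-WmiObject Win32_OperatingSystem -ComputerName $server -ErrorAction Stop
        $ext  = if ($os.Version -like '5.*') { 'evt' } else { 'evtx' }
        $name = "$server-Security-$stamp.$ext"

        # -EnableAllPrivileges enables the backup and security privileges for the WMI call
        $log = Get-WmiObject Win32_NTEventLogFile -ComputerName $server `
                   -Filter "LogfileName='Security'" -EnableAllPrivileges -ErrorAction Stop
        $rc = ($log.BackupEventLog("$RemoteDir\$name")).ReturnValue
        if ($rc -ne 0) { throw "BackupEventLog returned $rc" }

        # Pull the file over the administrative share, then remove the staged copy
        $unc = '\\{0}\{1}\{2}' -f $server, $RemoteDir.Replace(':', '$'), $name
        Copy-Item -Path $unc -Destination $CentralDir -ErrorAction Stop
        Remove-Item -Path $unc -ErrorAction Stop
        Write-Output "OK     $server -> $CentralDir\$name"
    }
    catch {
        # Report and continue so one unreachable server does not stop the run
        Write-Output "FAILED $server : $($_.Exception.Message)"
    }
}
```

Unlike the wevtutil CL command in post #13, BackupEventLog leaves the source log intact, so the servers keep their own copy of the events.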
