Looking for a script to archive event logs

  • Looking for a script to archive event logs

    Sorry, being lazy and probably will find this with a five minute Google, but I'm needing to archive Windows event logs on multiple servers (about 50), so I'm looking for a script to:

    Prompt for the event log to handle (or iterate through all of them) -- must include DC logs as well as system, app and security
    Generate a file name (log name + date)
    Archive the log
    Clear the log

    Any suggestions? -- language does not matter although I have a preference for vbs
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

  • #2
    Re: Looking for a script to archive event logs

    Originally posted by Ossian
    I'm needing to archive windows event logs on multiple servers (about 50)
    Power to the Shell!

    $eventlogs = @("system", "application", "security") # and whatnot
    $computers = @("mydc1", "mydc2", "myfileserver1")

    foreach ($computer in $computers) {
        foreach ($el in $eventlogs) {
            # Read every entry of this log from the remote computer
            $log = Get-EventLog -LogName $el -ComputerName $computer
            foreach ($l in $log) {
                # Append "index: message" to <computer>-<log>.log in the current directory
                Add-Content -Path ($computer + "-" + $el + ".log") -Value ("{0}: {1}" -f $l.Index, $l.Message)
            }
            # Enable log clear only after the log dump seems to be ok.
            #Clear-EventLog -LogName $el -ComputerName $computer
        }
    }
    Last edited by vonPryz; 22nd May 2010, 07:53. Reason: Bugfix. Shouldn't script on Friday night...


    • #3
      Re: Looking for a script to archive event logs

      Of course -- powershell to the rescue!
      Does the add-content cmdlet save the log?

      btw, servers are 2003 and 2008
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **



      • #4
        Re: Looking for a script to archive event logs

        Originally posted by Ossian
        Of course -- powershell to the rescue!
        Does the add-content cmdlet save the log?

        btw, servers are 2003 and 2008
        Yup. Add-Content adds content (doh) to a file. I made a mistake last night, so the -value parameter was missing. Check out the current version. It seems to be quite slow (likely string construction is the culprit), but seems to export data items.

        I'll fix the thing up good later on, but I hope you got the idea anyway. Look on TechNet for the Get-EventLog and Clear-EventLog cmdlets.

        -vP
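
Added example, not part of any post in this thread: one way to meet the original request (iterate the logs, name the file from log name + date, archive, then clear) while keeping each log in its native format and clearing only after the archive is confirmed on disk. It uses the WMI class Win32_NTEventlogFile rather than the cmdlets in the script above; the server names, the C:\LogArchive folder and a reachable C$ admin share are assumptions.

```powershell
# Added example; server names and archive folder are hypothetical placeholders.
param(
    [string[]]$Computers  = @('mydc1', 'mydc2', 'myfileserver1'),
    [string]  $ArchiveDir = 'C:\LogArchive',  # assumed to exist already on every server
    [switch]  $Clear                          # logs are cleared only when this is given
)

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

foreach ($computer in $Computers) {
    # Win32_NTEventlogFile lists every classic log on the server, so DC logs such as
    # Directory Service are picked up without naming them. -EnableAllPrivileges turns
    # on the security/backup privileges the backup call needs for the Security log.
    $logs = Get-WmiObject -Class Win32_NTEventlogFile -ComputerName $computer -EnableAllPrivileges

    # Extension chosen by OS version (assumption: 6.x and later write .evtx-format backups).
    $os  = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer
    $ext = if ([int]$os.Version.Split('.')[0] -ge 6) { 'evtx' } else { 'evt' }

    foreach ($log in $logs) {
        # File name = computer + log name + date; the path is local to the remote server.
        $name = $log.LogfileName -replace '[^\w-]', '_'
        $file = "$ArchiveDir\$computer-$name-$stamp.$ext"

        $backup = $log.BackupEventlog($file)
        if ($backup.ReturnValue -ne 0) {
            Write-Warning "$computer / $($log.LogfileName): backup failed (code $($backup.ReturnValue)); log left untouched"
            continue
        }

        # Confirm the archive exists and is non-empty before anything is cleared.
        $unc  = "\\$computer\" + $file.Replace(':', '$')
        $item = Get-Item -LiteralPath $unc -ErrorAction SilentlyContinue
        if (-not $item -or $item.Length -eq 0) {
            Write-Warning "$computer / $($log.LogfileName): archive not found at $unc; log left untouched"
            continue
        }
        Write-Output "$computer / $($log.LogfileName): archived to $unc ($($item.Length) bytes)"

        if ($Clear) {
            $cleared = $log.ClearEventlog()
            if ($cleared.ReturnValue -ne 0) {
                Write-Warning "$computer / $($log.LogfileName): clear failed (code $($cleared.ReturnValue))"
            }
        }
    }
}
```

Run it without -Clear first and check that the archives open in Event Viewer before using the switch.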



        • #5
          Re: Looking for a script to archive event logs

          OK, many thanks -- I'll try it out

          Does PS have to be on the remote computer or only on the one I am running it from?
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **



          • #6
            Re: Looking for a script to archive event logs

            Just on your own computer should be enough.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"
