I would like to centrally manage and archive event logs for all servers. I must keep 3 years' worth and I would like to schedule this as a task to occur every month. I downloaded a script off this site, but every time I run it I would get the "couldn't get log from (name of the computer)" error. Any help would be appreciated.
'Create a FileSystemObject
Set oFS = CreateObject("Scripting.FileSystemObject")

'Open a text file of computer names
'with one computer name per line
Set oTS = oFS.OpenTextFile("c:\computers.txt")

'go through the text file
Do Until oTS.AtEndOfStream

    'get next computer
    sComputer = oTS.ReadLine

    'connect to the WMI provider
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate,(Backup)}!\\" & _
        sComputer & "\root\cimv2")

    'query the Security logs
    Set colLogFiles = objWMIService.ExecQuery _
        ("Select * from Win32_NTEventLogFile where LogFileName='Security'")

    For Each objLogfile in colLogFiles
        errBackupLog = objLogFile.BackupEventLog("c:\scripts\" & sComputer & "\" & Date() & ".evt")
        If errBackupLog <> 0 Then
            Wscript.Echo "The Application event log could not be backed up from " & sComputer
        Else
            objLogFile.ClearEventLog()
        End If
    Next
Loop

'close the input file
oTS.Close
Help With a Script
- camobarbie
- Posts: 8
- Last visit: Sun Apr 06, 2008 10:51 pm
This is the original script. I've been playing with it trying to get it to work, but I haven't yet.
'Create a FileSystemObject
Set FSO = CreateObject("Scripting.FileSystemObject")

'Open a text file of computer names
'with one computer name per line
Set oTS = FSO.OpenTextFile("c:\computers.txt")

'go through the text file
Do Until oTS.AtEndOfStream

    'get next computer
    sComputer = oTS.ReadLine

    'connect to the WMI provider
    Set oWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate,(Backup,Security)}!\\" & _
        sComputer & "\root\cimv2")

    'query the Security logs
    Set cLogFiles = oWMIService.ExecQuery _
        ("Select * from Win32_NTEventLogFile where " & _
        "LogFileName='Security'")

    'go through the collection of logs
    For Each oLogfile in cLogFiles

        'back up the log to a file
        errBackupLog = oLogFile.BackupEventLog _
            ("c:\logs\" & sComputer & "\" & Date() & ".evt")

        'see if an error occurred
        If errBackupLog <> 0 Then
            'one did - display an error
            Wscript.Echo "Couldn't get log from " & sComputer
        Else
            'no error - safe to clear the Log
            oLogFile.ClearEventLog()
        End If
    Next
Loop

'close the input file
oTS.Close
Help With a Script
Try this one - I've attached it. It will give you some extra info:
uploads/2491/EL_backup.txt
' Read the list of computers, one name per line
Set FSO = CreateObject("Scripting.FileSystemObject")
Set oTS = FSO.OpenTextFile("e:\projects\scripts\computers.txt")
Do Until oTS.AtEndOfStream
    strComputer = oTS.ReadLine
    ' Enumerate every event log on the remote computer
    Set SWBemlocator = CreateObject("WbemScripting.SWbemLocator")
    Set objWMIService = SWBemlocator.ConnectServer(strComputer, "root\CIMV2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_NTEventlogFile")
    For Each objItem In colItems
        ' Date contains "/" characters, which are not valid in a file name
        strDate = Replace(Date, "/", "-")
        sFileName = "C:\Logs\" & strComputer & "-" & objItem.LogfileName & "-" & strDate & ".evt"
        LogfileName strComputer, objItem.LogfileName, sFileName
    Next
Loop
oTS.Close

' Back up one event log on one computer and report the result
Sub LogfileName(sComputer, strEventLog, sBackupFile)
    ' Backup and Security privileges are requested on the WMI connection
    Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup, Security)}!\\" & sComputer & "\root\cimv2")
    Set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile Where " & " Logfilename = '" & strEventLog & "'")
    For Each objLog In colLogs
        errBackupLog = objLog.BackupEventLog( sBackupFile )
        If errBackupLog <> 0 Then
            Select Case errBackupLog
                Case 8: strError = "Privilege missing"
                Case 21: strError = "Invalid parameter"
                Case 80: strError = "Archive file name already exists" 'Vista and later
                Case 123: strError = "Funny error code 123" ' usually means format for file name is wrong
                Case 183: strError = "Archive file name already exists" ' pre-vista
                Case Else: strError = "Unknown Error:" & errBackupLog
            End Select
            WScript.Echo strEventLog & " backup failed with error: " & strError
        Else
            WScript.Echo strEventLog & " backed up to " & sBackupFile
        End If
    Next
End Sub
Help With a Script
Add this line into Select Case:
Case 3: strError = "Invalid Location or Folder doesn't exists " & sBackupFile
Help With a Script
Yes - Your answer looks good. I didn't try it but I did look it over.
There is, I believe, an easier way to handle the dates. AD, like WMI, has a date converter object. You may also be able to get ADO to do the conversion. I haven't had time to look this up yet.
Note:
Disabled is in user flags I believe.
For days in a date calculation we can usually ignore UTC differences, although using UTC is more accurate by +- 1 day sometimes for times closer to midnight or for dispersed geographical locations. In this case location is not specified so normalizing UTC is not required.
jvierra 2008-03-05 07:01:34
Help With a Script
Not sure - I was able to run this against a remote machine on the network here and it seemed to work okay...
Help With a Script
Sorry James, you are right. Maybe the folder does not exist on the remote machine. I just did a test.
I mean the drive; try using an existing drive letter like B:
othman 2008-03-21 12:43:44
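Pulling the thread's findings together (a file-safe date, an archive folder that has to exist on the remote machine, decoded return codes, and clearing the log only once the archive is confirmed), here is an added example that is not code from any poster in this thread. The paths C:\scripts\computers.txt and C:\Logs and the helper names IsoDate, Describe and ArchiveSecurityLog are assumptions.

```vbscript
Option Explicit
' Assumed paths (not from the thread). ARCHIVE_DIR is resolved on the REMOTE machine.
Const LIST_FILE = "C:\scripts\computers.txt"
Const ARCHIVE_DIR = "C:\Logs"
Dim fso, ts, line
Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.OpenTextFile(LIST_FILE)
Do Until ts.AtEndOfStream
    line = Trim(ts.ReadLine)
    If line <> "" Then ArchiveSecurityLog line
Loop
ts.Close

' yyyy-mm-dd regardless of locale, so the file name never contains "/"
Function IsoDate(d)
    IsoDate = Year(d) & "-" & Right("0" & Month(d), 2) & "-" & Right("0" & Day(d), 2)
End Function
' BackupEventLog return codes named in the thread
Function Describe(rc)
    Select Case rc
        Case 3: Describe = "folder not found on the remote machine"
        Case 8: Describe = "privilege missing"
        Case 21: Describe = "invalid parameter"
        Case 80, 183: Describe = "archive file already exists"
        Case 123: Describe = "file name format is wrong"
        Case Else: Describe = "unknown error " & rc
    End Select
End Function

Sub ArchiveSecurityLog(host)
    Dim wmi, evtLog, target, rc, wql
    On Error Resume Next
    Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\" & host & "\root\cimv2")
    If Err.Number <> 0 Then WScript.Echo host & ": WMI connection failed, 0x" & Hex(Err.Number) : Exit Sub
    On Error GoTo 0
    target = ARCHIVE_DIR & "\" & host & "-Security-" & IsoDate(Date) & ".evt"
    ' WQL string literals need doubled backslashes
    wql = "Select Name From CIM_DataFile Where Name='" & Replace(target, "\", "\\") & "'"
    For Each evtLog In wmi.ExecQuery("Select * From Win32_NTEventlogFile Where LogfileName='Security'")
        rc = evtLog.BackupEventLog(target)
        If rc <> 0 Then
            WScript.Echo host & ": backup failed (" & Describe(rc) & "), log not cleared"
        ElseIf wmi.ExecQuery(wql).Count = 0 Then
            WScript.Echo host & ": archive " & target & " not found, log not cleared"
        Else
            WScript.Echo host & ": archived to " & target
            evtLog.ClearEventLog   ' only after the archive file is confirmed on the remote disk
        End If
    Next
End Sub
```

Run it with cscript.exe so each message goes to the console rather than a dialog box.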