Help With a Script

Post by **camobarbie** » Tue Feb 26, 2008 10:49 pm

I would like to centrally manage and archive event logs for all servers. I must keep 3 years worth and I would like to schedule this as a task to occur every month. I downloaded a script off this site but everytime I run it I would get the "couldn't get log from (name of the computer). Any help would be appreciated.

'Create a FileSystemObjectSet oFS = CreateObject("Scripting.FileSystemObject")
'Open a text file of computer names'with one computer name per lineSet oTS = oFS.OpenTextFile("c:computers.txt")
'go through the text fileDo Until oTS.AtEndOfStream
'get next computer sComputer = oTS.ReadLine
'connect to the WMI provider Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate,(Backup)}!" & _ sComputer & "rootcimv2") 'query the Security logs Set colLogFiles = objWMIService.ExecQuery _ ("Select * from Win32_NTEventLogFile where LogFileName='Security'") For Each objLogfile in colLogFiles errBackupLog = objLogFile.BackupEventLog("c:scripts" & sComputer & "" & Date() & ".evt") If errBackupLog <> 0 Then Wscript.Echo "The Application event log could not be backed up from & sComputer" Else objLogFile.ClearEventLog() End If NextLoop
'close the input fileoTS.Close

jvierra · Post by **jvierra** » Tue Feb 26, 2008 11:18 pm

Hi

I don't see that message in teh script.

What is in your "computers.txt" file?

Add an echo to send the error errBackupLog t the console to see what is causing any failure.

jvierra · Post by **jvierra** » Wed Feb 27, 2008 1:59 am

Good call othman! You have good eyes.

Post by **camobarbie** » Wed Feb 27, 2008 5:19 am

This is the original script, Ive been playing with it trying to get it to work, but I havent yet.

'Create a FileSystemObjectSet FSO = CreateObject("Scripting.FileSystemObject")
'Open a text file of computer names'with one computer name per lineSet oTS = FSO.OpenTextFile("c:computers.txt")
'go through the text fileDo Until oTS.AtEndOfStream
'get next computer sComputer = oTS.ReadLine
'connect to the WMI provider Set oWMIService = GetObject("winmgmts:"_ & "{impersonationLevel=impersonate,(Backup,Security)}!" & _ sComputer & "rootcimv2") 'query the Security logs Set cLogFiles = oWMIService.ExecQuery _ ("Select * from Win32_NTEventLogFile where " & _ "LogFileName='Security'") 'go through the collection of logs For Each oLogfile in cLogFiles
'back up the log to a file errBackupLog = oLogFile.BackupEventLog _ ("c:logs" & sComputer & "" & Date() & ".evt") 'see if an error occured If errBackupLog <> 0 Then 'one did - display an error Wscript.Echo "Couldn't get log from " & sComputer Else 'no error - safe to clear the Log oLogFile.ClearEventLog() End If NextLoop
'close the input fileoTS.Close

jvierra · Post by **jvierra** » Tue Mar 04, 2008 6:18 am

Try this one - I've attached it. It will give you some extra info:

uploads/2491/EL_backup.txt

Code: Select all

	

Set FSO = CreateObject("Scripting.FileSystemObject")
Set oTS = FSO.OpenTextFile("e:projectsscriptscomputers.txt")
Do Until oTS.AtEndOfStream
	
    strComputer = oTS.ReadLine
    
    Set SWBemlocator = CreateObject("WbemScripting.SWbemLocator")
    Set objWMIService = SWBemlocator.ConnectServer(strComputer,"rootCIMV2")
    Set colItems = objWMIService.ExecQuery("Select * from Win32_NTEventlogFile")
    
    
    For Each objItem In colItems
     strDate = Replace(Date, "/", "-")
   sFileName = "C:Logs" & strComputer & "-" & objItem.LogfileName & "-" & strDate & ".evt"
       LogfileName strCommputer, objItem.LogfileName, sFileName
    Next
Loop
	

Sub LogfileName(sComputer, strEventLog, sBackupFile)
	
   Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup, Security)}!" & strComputer & "rootcimv2")
   Set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile Where " & " Logfilename = '" & strEventLog & "'")
   For Each objLog In colLogs
    errBackupLog = objLog.BackupEventLog( sBackupFile )
     If errBackupLog  0 Then
      Select Case errBackupLog
    Case    8: strError = "Privilege missing"
    Case   21: strError = "Invalid parameter"
    Case   80: strError = "Archive file name already exists" 'Vista and later
    Case  123: strError = "Funny error code 123" ' usually means format for file name is wrong
    Case  183: strError = "Archive file name already exists" ' pre-vista
    Case Else: strError = "Unknown Error:" & errBackupLog
   End Select
     WScript.Echo strEventLog & " backed up filed with error:" & strError
    Else
     WScript.Echo strEventLog & " backed up to " & sBackupFile
    End if
   Next
   
End Sub

Post by **othman** » Tue Mar 04, 2008 6:01 pm

Add this line into Select Case:
Case 3: strError = "Invalid Location or Folder doesn't exists " & sBackupFile

jvierra · Post by **jvierra** » Tue Mar 04, 2008 10:58 pm

Yes - Your answer looks good. I didn't try it but I did look it over.

There is, I beleve, an easier way to handle the dates. AD, like WMI, has a date converter object. You may also be able to get ADO to do the conversion. I haven't had time to look this up yet.

Note:

Disabled is in user flags I believe.

For days in a date calculation we canusually ignore UTC differences although using UTC is more acccurate by +- 1 day sometimes for time closer to midnight or for disperse geographical locations. In this case location is not specified so normalizing UTC is not required.

jvierra2008-03-05 07:01:34

Post by **donj** » Fri Mar 21, 2008 12:02 am

Not sure - I was able to run this against a remote machine on the network here and it seemed to work okay...

jvierra · Post by **jvierra** » Fri Mar 21, 2008 5:28 am

No - that's not possible.

Does "C:Logs" exist. It has to exist on all remote computers. It will no be created.

Post by **othman** » Fri Mar 21, 2008 5:40 am

sorry James, you are right. maybe the folder is not exist on remote. I just did a test.

I mean the drive, try using an exist drive letter like B:othman2008-03-21 12:43:44

SAPIEN Technologies