
event log archive vbscript

Posted: 2021-Jul-25, 9:14 am
by MigrationUser
07 Jun 2011 10:54
Anubisko


Hello Guys,

I'm not as good as you at VBScript, I'm just starting, but I was able (with a big help from Google) to create one script. Now I'm at a dead end and don't know how to move it forward.

The goal of this script is to look in the event log viewer, filter the log by log type and by current date or 5 or more days back, based on the input batch criteria, export it to a new backup .evt file and delete it.
Right now I'm able to filter only by type and delete the whole log file, but I don't know how to implement date filtering.

I'm stuck on filtering by date.

Eventlogcleaner.bat
--------------------------------------------------------------------------------------------------------------------------------------------------
wscript eventlogcleaner.vbs Application
REM future: wscript eventlogcleaner.vbs Application 5 (where 5 is the number of days back in history to look at and filter)
--------------------------------------------------------------------------------------------------------------------------------------------------

eventlogcleaner.vbs SCRIPT:
--------------------------------------------------------------------------------------------------------------------------------------------------


Option Explicit

Dim typ, strComputerName, errBackupLog
Dim wshShell, objWMIService, objLogFile, colLogFiles
Dim mydate

' The log name (e.g. Application) is required as the first argument
If WScript.Arguments.Count < 1 Then
    WScript.Echo "Usage: wscript eventlogcleaner.vbs <LogName>"
    WScript.Quit 1
End If

' Date stamp for the backup file name, in month_day_year form
mydate = Month(Date()) & "_" & Day(Date()) & "_" & Year(Date())
typ = WScript.Arguments.Item(0)

Set wshShell = WScript.CreateObject("WScript.Shell")
strComputerName = wshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")

' The Backup and Security privileges are requested in the WMI moniker
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate,(Backup, Security)}!\\" & strComputerName & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile where LogFileName='" & typ & "'")

For Each objLogFile In colLogFiles
    ' BackupEventLog returns 0 on success
    errBackupLog = objLogFile.BackupEventLog("c:\scripts\" & strComputerName & "_" & typ & "_logs_" & mydate & ".evt")
    If errBackupLog <> 0 Then
        WScript.Echo "The " & typ & " event log could not be backed up."
    Else
        'objLogFile.ClearEventLog()
    End If
Next
--------------------------------------------------------------------------------------------------------------------------------------------------

Additional question: does anyone know about some program which will work like a sniper (target localizer, I don't know how to name it)? I mean, I will move over some window, folder or document in Win XP and it will show me what kind of object and class it is and its properties.

PS: Please excuse me, I'm not a native speaker and my English is terrible.

Many thx for help
Anubisko

----------------------------

#2 08 Jun 2011 18:35
Simon Sheppard


Surely the easy way to do this is just schedule your script to run every 5 days - then the logs will only ever contain 5 days of data when you save and clear them.

Also worth mentioning that Log Parser is a good tool for working with event logs.

Logparser
https://www.microsoft.com/en-gb/downloa ... x?id=24659
Examples
http://blogs.iis.net/chrisad/archive/20 ... Chris.aspx

----------------------------

#3 15 Jun 2011 15:03
Anubisko


Hi, thank you for your answer,
I know what Log Parser is, but that is not what I could use :( I know the easiest way is to do it like you described: let it work 5 days and then delete all events. That was my first idea. But I got a limitation from the server team that I can't touch the event logs on the servers and I can't delete them, because I'm not the owner of the servers and the server team guys need to have them in one piece. I don't know why. I must accept this limitation. I have admin rights and I have a shared drive mapped on each server, approx. 80 servers located in 15 enclosures.

As I said, approximately every 5 days I will need to extract the last 5 days of history from the event logs, zip it and archive it on my mapped drive, where another batch file deletes everything older than 10 days.
Please help
THX
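
One way to do the date filtering asked about in this thread without clearing anything, as an added example that is not part of the original posts: BackupEventLog always copies the whole log, so this script instead queries Win32_NTLogEvent with a TimeWritten cutoff and writes the matching events to a CSV file. The script name eventlogexport.vbs, the CSV layout and the reuse of the c:\scripts\ folder are assumptions.

```vbscript
Option Explicit
' Added example: export the last N days of one event log to CSV; the log itself is not cleared.
' Usage: cscript //nologo eventlogexport.vbs Application 5
Dim logName, daysBack, re, nameOk, host, wmi, cutoff, evTime, query, colEvents, ev, fso, outFile, stamp
If WScript.Arguments.Count <> 2 Then
    WScript.Echo "Usage: cscript eventlogexport.vbs <LogName> <DaysBack>"
    WScript.Quit 1
End If
logName = WScript.Arguments.Item(0)
' The log name is concatenated into a WQL string and a file name, so allow only plain characters.
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9 _-]+$"
nameOk = re.Test(logName)
re.Pattern = "^\d{1,4}$"
If Not (nameOk And re.Test(WScript.Arguments.Item(1))) Then
    WScript.Echo "Invalid log name or day count."
    WScript.Quit 1
End If
daysBack = CLng(WScript.Arguments.Item(1))

host = CreateObject("WScript.Network").ComputerName
Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!\\" & host & "\root\cimv2")
' WMI compares TimeWritten as a CIM datetime string, so convert the cutoff with SWbemDateTime.
Set cutoff = CreateObject("WbemScripting.SWbemDateTime")
cutoff.SetVarDate DateAdd("d", -daysBack, Now()), True
query = "Select * from Win32_NTLogEvent Where Logfile='" & logName & _
        "' And TimeWritten >= '" & cutoff.Value & "'"
Set colEvents = wmi.ExecQuery(query, "WQL", 48)   ' 48 = return immediately + forward-only

stamp = Month(Date()) & "_" & Day(Date()) & "_" & Year(Date())
Set fso = CreateObject("Scripting.FileSystemObject")
Set outFile = fso.CreateTextFile("c:\scripts\" & host & "_" & logName & "_last" & _
              daysBack & "days_" & stamp & ".csv", True, True)
outFile.WriteLine "TimeWritten,EventCode,Type,SourceName,Message"
Set evTime = CreateObject("WbemScripting.SWbemDateTime")
For Each ev In colEvents
    evTime.Value = ev.TimeWritten
    outFile.WriteLine Q(evTime.GetVarDate(True)) & "," & ev.EventCode & "," & _
        Q(ev.Type) & "," & Q(ev.SourceName) & "," & Q(ev.Message)
Next
outFile.Close

' Quote a CSV field; a Null message becomes empty and line breaks are flattened to spaces.
Function Q(v)
    Q = """" & Replace(Replace(Replace("" & v, """", """"""), vbCr, " "), vbLf, " ") & """"
End Function
```

Win32_NTLogEvent only exposes the classic logs (Application, System, Security and similar), and reading the Security log requires the account to hold the Security privilege requested in the moniker.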

original thread: https://ss64.org/oldforum/viewtopic.php?id=1269