#1 07 Jun 2011 10:54

Anubisko
Member
Registered: 07 Jun 2011
Posts: 2

event log archive vbscript

Hello Guys,

I'm not so good like you in vbscript just starting but i was able (with big help of Google ) create one script but now i'm in ends and don't know how to move it forward.

Target of this script is to look in event log viewer, filter log by type of logs and by current date  or 5 or more days back, base on input batch criteria. Export it to new backup .evt file and delete it.
NOW I'M able to filter only by type. and delete whole log file but don't know how to implement date filtering.

I'm stack in filtering by date.

Eventlogcleaner.bat
--------------------------------------------------------------------------------------------------------------------------------------------------
wscript eventlogcleaner.vbs Application     |=====> future:  wscript eventlogcleaner.vbs Application 5     (where 5 is nr. of day back to history to look and filter)
--------------------------------------------------------------------------------------------------------------------------------------------------

eventlogcleaner.vbs SCRIPT:
--------------------------------------------------------------------------------------------------------------------------------------------------
Option Explicit

Dim typ, strComputerName, errBackupLog
Dim wshShell, objWMIService, objLogfile, colLogFiles
Dim mydate

mydate = Month(date()) &"_"& Day(date()) &"_"&  Year(date())
typ=WScript.Arguments.Item(0)   

Set wshShell = WScript.CreateObject( "WScript.Shell" )
strComputerName = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )

Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate,(Backup, Security)}!\\" & strComputerName & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery ("Select * from Win32_NTEventLogFile where LogFileName='" & typ & "'")

For Each objLogfile in colLogFiles
    errBackupLog = objLogFile.BackupEventLog("c:\scripts\" & strComputerName & "_" & typ &"_logs_"& mydate & ".evt")
    If errBackupLog <> 0 Then       
        Wscript.Echo "The Application event log could not be backed up."
    Else   
        'objLogFile.ClearEventLog()
    End If
Next
--------------------------------------------------------------------------------------------------------------------------------------------------

Additional question:  does anyone know abut some program which will work like sniper(Target localizer, don't know how to name it). I mean, i will move over something  window folder or document in Win XP and it will show me what kind of object and class it is and properties.

PS: PLEASE APOLOGIZE ME, I"M NOT NATIVE SPEAKER AND MY ENGLISH IS TERRIBLE.

Many thx for help
Anubisko

Offline

#2 08 Jun 2011 18:35

Simon Sheppard
Super Administrator
Registered: 27 Aug 2005
Posts: 997
Website

Re: event log archive vbscript

Surely the easy way to do this is just schedule your script to run every 5 days - then the logs will only ever contains 5 days of data when you save and clear them.

Also worth mentioning that Log Parser is a good tool for working with event logs

Logparser
http://go.microsoft.com/?linkid=2352243
Examples
http://blogs.iis.net/chrisad/archive/20 … Chris.aspx

Offline

#3 15 Jun 2011 15:03

Anubisko
Member
Registered: 07 Jun 2011
Posts: 2

Re: event log archive vbscript

Hi, Thx you for you answer,
I know what is log parser, but that is not what i coult use  sad I know, easiest way is to do it like you described. let it work 5 days and then delete all events. That was my first idea. But i got limitation from server team that i can't touch log events log on server and I can't delete it.. because I'm not owner of servers and server team guys need to have it in one peace. Don't know why. I must acept this limitation. I have admin rights and i have shared drive mapped on each server apx. 80 servers located on 15 enclosures. 

As i said, I will need apx. on 5 days basic extract from event logs  5 days back history  and zip it and archive it on my map drive. where is another batch file which is deleting all stuff older then 10 day.
Please help
THX

Offline

Board footer

Powered by FluxBB