For Windows 2003 Server Event viewer archive script, FYI! in 2k8 you can set archive option but not in 2k3 or below 2k8 servers
strArchiveFolder = "C:\BckEvt"
ServerName = "."
ServerName = "."
Set WS = CreateObject("Wscript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
Set FSO = CreateObject("Scripting.FileSystemObject")
DateString = CurrentDate()
Purge = True
on error resume next
StartTime = Now
Output "---------------------------------"
OutPut "Started at: " & CStr(Now)
Output ""
Set System = GetObject("winmgmts:{(Backup,Security)}\\" & ServerName & _
"\root\CIMV2")
If Err.Number = 0 Then
Set colLogs = System.ExecQuery("select * from Win32_NTEventLogFile",,48)
StartTime = Now
Output "---------------------------------"
OutPut "Started at: " & CStr(Now)
Output ""
Set System = GetObject("winmgmts:{(Backup,Security)}\\" & ServerName & _
"\root\CIMV2")
If Err.Number = 0 Then
Set colLogs = System.ExecQuery("select * from Win32_NTEventLogFile",,48)
For Each refLog In colLogs
LogName = ServerName& "_" & LogFileName(refLog.LogFileName) & _
"_" & DateString
LogName = ServerName& "_" & LogFileName(refLog.LogFileName) & _
"_" & DateString
If FSO.FileExists(strArchiveFolder & "\" & LogName & ".evt") Then _
FSO.DeleteFile(strArchiveFolder & "\" & LogName & ".evt")
If Purge Then
RetVal = reflog.ClearEventlog(strArchiveFolder & "\" & LogName & ".evt")
Else
RetVal = reflog.BackupEventlog(strArchiveFolder & "\" & LogName & ".evt")
End If
If RetVal = 0 Then
Output vbTab & "Log was archived in .evt format: " & LogName & ".evt"
If Purge Then Output vbTab & "All events were cleared from the log"
Else
Output vbTab & "Error while archiving in .evt format."
End If
Next
Else
Output vbTab & "Failed connect to the server"
End If
Set colLogs = Nothing
Set refLogs = Nothing
Set System = Nothing
FSO.DeleteFile(strArchiveFolder & "\" & LogName & ".evt")
If Purge Then
RetVal = reflog.ClearEventlog(strArchiveFolder & "\" & LogName & ".evt")
Else
RetVal = reflog.BackupEventlog(strArchiveFolder & "\" & LogName & ".evt")
End If
If RetVal = 0 Then
Output vbTab & "Log was archived in .evt format: " & LogName & ".evt"
If Purge Then Output vbTab & "All events were cleared from the log"
Else
Output vbTab & "Error while archiving in .evt format."
End If
Next
Else
Output vbTab & "Failed connect to the server"
End If
Set colLogs = Nothing
Set refLogs = Nothing
Set System = Nothing
Output "----------------------------------------"
OutPut "Finished at: " & CStr(Now)
Output ""
Output ""
Set WS = Nothing
' FullLog.Close ???FullLog=unknown
Set FullLog = Nothing
Set FSO = Nothing
OutPut "Finished at: " & CStr(Now)
Output ""
Output ""
Set WS = Nothing
' FullLog.Close ???FullLog=unknown
Set FullLog = Nothing
Set FSO = Nothing
Function CurrentDate
Today = Date
If Month(Today) < 10 Then
CurrentDate = "0" & CStr(Month(Today))
Else
CurrentDate = CStr(Month(Today))
End If
If Day(Today) < 10 Then
CurrentDate = CurrentDate & "0" & CStr(Day(Today))
Else
CurrentDate = CurrentDate & CStr(Day(Today))
End If
CurrentDate = CurrentDate & CStr(Year(Today))
If Hour(Time) < 10 Then
CurrentDate = CurrentDate & "0" & CStr(Hour(Time))
Else
CurrentDate = CurrentDate & CStr(Hour(Time))
End If
End Function
Today = Date
If Month(Today) < 10 Then
CurrentDate = "0" & CStr(Month(Today))
Else
CurrentDate = CStr(Month(Today))
End If
If Day(Today) < 10 Then
CurrentDate = CurrentDate & "0" & CStr(Day(Today))
Else
CurrentDate = CurrentDate & CStr(Day(Today))
End If
CurrentDate = CurrentDate & CStr(Year(Today))
If Hour(Time) < 10 Then
CurrentDate = CurrentDate & "0" & CStr(Hour(Time))
Else
CurrentDate = CurrentDate & CStr(Hour(Time))
End If
End Function
Function LogFileName(LogName)
Select Case LogName
Case "Application"
LogFileName = "app"
Case "Directory Service"
LogFileName = "dir"
Case "DNS Server"
LogFileName = "dns"
Case "File Replication Service"
LogFileName = "rep"
Case "Security"
LogFileName = "sec"
Case "System"
LogFileName = "sys"
End Select
End Function
Select Case LogName
Case "Application"
LogFileName = "app"
Case "Directory Service"
LogFileName = "dir"
Case "DNS Server"
LogFileName = "dns"
Case "File Replication Service"
LogFileName = "rep"
Case "Security"
LogFileName = "sec"
Case "System"
LogFileName = "sys"
End Select
End Function
Sub Output(Text)
' wscript.echo text
' FullLog.writeline text ???FullLog=unknown
End Sub
' wscript.echo text
' FullLog.writeline text ???FullLog=unknown
End Sub
-------------------
Thanks,
Mike Ditka - "If God had wanted man to play soccer, he wouldn't have given us arms."
No comments:
Post a Comment