Thursday, August 21, 2008

Script for Backing up Event Logs

Something from a job I did earlier this year. Hopefully it benefits someone out there.

It's a script to back up and clear an event log and (optionally) archive the backup to a remote share. Run it from a BAT file so that its progress messages can be captured to a log file with the ">>" output redirect.

Option Explicit
'****************************************************************
' Filename..: event_backups.vbs
' Author....: David Stein
' Date......: 01/09/08
' Purpose...: backup and clear event log on local or remote computer
' SQL.......:
'****************************************************************
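Dim sMonth, sDay, sYear, sDateStamp, bkFileName, sBackupFilePath
Dim objWshNet, sUserName, sCompName, sDomain
Dim dtRunDate

' Date parts used for the backup file datestamp.
' Now is read once so that a run crossing midnight cannot mix two dates.
' Month and day are zero-padded: without padding 9 January 2008 becomes
' "200819", which is not YYYYMMDD, does not sort, and is ambiguous
' (1 November and 11 January both give "2008111").

dtRunDate = Now
sMonth = Right("0" & Month(dtRunDate), 2)
sDay = Right("0" & Day(dtRunDate), 2)
sYear = CStr(Year(dtRunDate))

'****************************************************************
' modify to suit needs
'****************************************************************

' "." targets the local computer in the WMI moniker
Const strComputer = "."
' name of the event log to back up and clear
Const eventLog = "System"
' local folder that receives the backup (keep the trailing backslash).
' Event log backups are audit evidence; restrict write access to this
' folder and to the archive share so the copies cannot be altered.
Const bkFolderPath = "c:\scripts\test\"

' True = also copy the backup file to rmtFolderPath
Const doRemoteArchive = True

' archive share (keep the trailing backslash) and archive file name pattern
Const rmtFolderPath = "\\server1\backups$\eventlogs\"
Const archiveNameFormat = "#COMPUTER#_#LOGNAME#_#DATE#.evt"

' True = DebugPrint writes progress lines
Const debugMode = True

' concatenate datestamp into YYYYMMDD format
' modify to whatever format you prefer

sDateStamp = sYear & sMonth & sDay
bkFileName = eventLog & "_" & sDateStamp & ".evt"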

'****************************************************************
' Do NOT modify anything below this point!!!
'****************************************************************

' Writes one tab-separated progress line: timestamp, category, message.
'   cat - category label, e.g. "info" or "error"
'   s   - message text
' Nothing is written unless the debugMode constant is True.
' Note: WScript.Echo goes to standard output only under cscript.exe;
' under wscript.exe each call shows a message box, so ">>" redirection
' in a BAT file needs the script to be started with cscript.
Sub DebugPrint(cat, s)
    Dim sLine
    If debugMode <> True Then Exit Sub
    sLine = Now & vbTab & cat & vbTab & s
    WScript.Echo sLine
End Sub

' Record which account, computer and domain this run executes under.
Set objWshNet = WScript.CreateObject("WScript.Network")
With objWshNet
    sDomain = .UserDomain
    sCompName = .ComputerName
    sUserName = .UserName
End With

Dim objFSO, objWMIService, colLogFiles, errBackupLog, objLogFile
Dim rmtLogPath

' Expand the placeholders of archiveNameFormat in the same order as before:
' #COMPUTER#, then #LOGNAME#, then #DATE#.
' The result is a file NAME only; it carries no folder component.
' example archive filename: "COMPUTER1_SYSTEM_20080109.evt", "COMPUTER2_APPLICATION_20080108.evt"
rmtLogPath = Replace( _
    Replace( _
        Replace(archiveNameFormat, "#COMPUTER#", UCase(sCompName)), _
        "#LOGNAME#", UCase(eventLog)), _
    "#DATE#", sDateStamp)

' full local path of the backup file: folder plus file name
sBackupFilePath = bkFolderPath & bkFileName

' run header for the captured log
debugprint "info", "-------------------------------------------------------------"
debugprint "info", "preparing to back up the " & eventLog & " event log at " & Now
debugprint "info", "domain is " & sDomain
debugprint "info", "computername is " & sCompName
debugprint "info", "username is " & sUserName
debugprint "info", "backup filename is " & sBackupFilePath

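' ----------------------------------------------------------------
' Main processing: back up the event log, clear it only after the
' backup is verified, then optionally copy the backup to the archive
' share.
'
' Changes from the original listing:
'  - The log is cleared only when BackupEventLog raised no error,
'    returned 0 AND the backup file is present on disk. Under
'    "On Error Resume Next" a failed call left errBackupLog empty,
'    which compares equal to 0, so the log could be cleared with no
'    backup taken.
'  - Err is cleared before each checked call so that a stale error
'    from an earlier statement is not reported against a later one.
'  - The archive copy is written into rmtFolderPath; the original
'    passed only the file name, so the copy landed in the current
'    directory instead of the share.
'  - The WMI moniker requests the Backup privilege that
'    BackupEventLog needs.
'  - Fatal errors end the script with exit code 1 so the calling
'    BAT file can detect them.
' ----------------------------------------------------------------
Dim sArchivePath, errClearLog, bBackupOk

Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")

debugprint "info", "checking for existing backup file [" & sBackupFilePath & "]..."
If objFSO.FileExists(sBackupFilePath) Then
    debugprint "info", "backup file already exists (skipping backup)"
Else
    debugprint "info", "no existing backup found, running new backup..."
    On Error Resume Next
    Err.Clear

    ' (Backup) enables the privilege required by BackupEventLog.
    ' If eventLog is changed to "Security", the Security privilege is
    ' needed as well: use (Backup,Security).
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate,(Backup)}!\\" & strComputer & "\root\cimv2")

    If Err.Number <> 0 Then
        debugprint "error", "unable to invoke wmi interface (aborting)"
        WScript.Quit 1
    End If

    Set colLogFiles = objWMIService.ExecQuery _
        ("Select * from Win32_NTEventLogFile where LogFileName='" & eventLog & "'")

    If Err.Number <> 0 Then
        debugprint "error", "unable to query the [" & eventLog & "] event log (aborting)"
        WScript.Quit 1
    End If

    ' a misspelled log name returns an empty set; report it instead of
    ' finishing silently with nothing backed up
    If colLogFiles.Count = 0 Then
        debugprint "error", "no event log named [" & eventLog & "] was found"
    End If

    For Each objLogFile In colLogFiles
        Err.Clear
        errBackupLog = -1   ' stays non-zero if the call below raises an error
        errBackupLog = objLogFile.BackupEventLog(sBackupFilePath)

        bBackupOk = (Err.Number = 0) And (errBackupLog = 0)
        If bBackupOk Then bBackupOk = objFSO.FileExists(sBackupFilePath)

        If Not bBackupOk Then
            debugprint "error", "the [" & eventLog & "] event log could not be backed up"
            debugprint "info", "event log will not be cleared"
        Else
            ' From here until the archive copy succeeds, the local backup
            ' file is the only copy of these events.
            debugprint "info", "clearing the " & eventLog & " event log..."
            Err.Clear
            errClearLog = -1
            errClearLog = objLogFile.ClearEventLog()
            If Err.Number <> 0 Or errClearLog <> 0 Then
                debugprint "error", "the [" & eventLog & "] event log could not be cleared"
            End If

            If doRemoteArchive = True Then
                debugprint "info", "remote archival option has been enabled"
                If objFSO.FolderExists(rmtFolderPath) Then
                    debugprint "info", "remote folder path has been verified, archiving backup file..."
                    ' rmtLogPath holds the archive file name only; prefix the share folder
                    sArchivePath = rmtFolderPath & rmtLogPath
                    Err.Clear
                    objFSO.CopyFile sBackupFilePath, sArchivePath
                    If Err.Number <> 0 Then
                        debugprint "error", "failed to upload copy to archive folder on remote location"
                    Else
                        debugprint "info", "backup file was successfully archived to " & sArchivePath
                    End If
                Else
                    debugprint "error", "unable to locate remote archival folder path " & rmtFolderPath
                End If
            End If
        End If
    Next

    ' restore normal error handling for anything that follows
    On Error GoTo 0
End If

debugprint "info", "processing has been completed at " & Now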