Diabolical82 Posted February 1, 2006 Share Posted February 1, 2006 (edited) I'm trying to create automatic batch that dump Security Audit from Events Log weekly to keep it from getting too full. But for some reason Windows XP will not allow me save file in Date format such as this Sec-Audit-8/12/06.txt because of forward slash character "/"And here's part of script i've been working on... dumpevt /logfile=sec /outfile=C:\Logs\Sec-Audit-%DATE%.txt /all /clearany suggestion?ThanksEDIT: I've done some search on google and came up with this....@echo offrem created unique log filename, e.g. Wed0804FOR /F "tokens=1-4 delims=/" %%i in ('date/t') do set filedate=%%i%%j%%kSet LOG=C:\Logs\Sec-Audit-%filedate%.txtdumpevt /logfile=sec /outfile="%LOG%" /all /clear EXITit worked and saved as Sec-Audit 02022006 .txt but i want this format as in "Sec-Audit-020106-2:00pm.txt"Thanks Again Edited February 2, 2006 by Diabolical82 Link to comment Share on other sites More sharing options...
cluberti Posted February 2, 2006 Share Posted February 2, 2006 (edited) Some vbscript cooking is in order, I think:strComputer = "."Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate,(Backup)}!\\" & _ strComputer & "\root\cimv2")''Set variables'dateNow = Now strCurrentDate = Year(dateNow) & "-" & Right(100 + Month(dateNow), 2) _ & "-" & Right(100 + Day(dateNow), 2)strCurrentTime = Right(100 + Hour(dateNow), 2) & "." _ & Right(100 + Minute(dateNow), 2) & "." & Right(100 + Second(dateNow), 2)''Start Backup/Clear of event log'Set colLogFiles = objWMIService.ExecQuery _ ("Select * from Win32_NTEventLogFile where LogFileName='System'")For Each objLogfile in colLogFiles objLogFile.BackupEventLog("C:\TEMP\" & strCurrentDate & "_" & strCurrentTime & _ "_System.evt") objLogFile.ClearEventLog()NextThis will backup your system log to a file in C:\TEMP with the nonclemature yyyy-mm-dd_HH.MM.SS_System.evt. So, if I did this today at 7:30PM on my system, I'd get "2006-02-01_19.30.16_System.evt" as the file, and the system log would then be cleaned. Edited February 2, 2006 by cluberti Link to comment Share on other sites More sharing options...
Diabolical82 Posted February 2, 2006 Author Share Posted February 2, 2006 (edited) instresting! but i'm not familar with vbscript... so all i have to do is copy and paste this codes onto notepad and save it as .bat or different format?EDIT: nevermind got it working with .vbs extention, and i have some questions: I only want security log, not system log and also what kind of program do i need to read .evt extention?Thanks! Edited February 2, 2006 by Diabolical82 Link to comment Share on other sites More sharing options...
Diabolical82 Posted February 2, 2006 Author Share Posted February 2, 2006 Finally got it working!Here's what i did.strComputer = "."Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate,(Backup, Security)}!\\" & _ strComputer & "\root\cimv2")''Set variables'dateNow = NowstrCurrentDate = Year(dateNow) & "-" & Right(100 + Month(dateNow), 2) _ & "-" & Right(100 + Day(dateNow), 2)strCurrentTime = Right(100 + Hour(dateNow), 2) & "." _ & Right(100 + Minute(dateNow), 2) & "." & Right(100 + Second(dateNow), 2)''Start Backup/Clear of event log'Set colLogFiles = objWMIService.ExecQuery _ ("Select * from Win32_NTEventLogFile where LogFileName='Security'")For Each objLogfile in colLogFiles errBackupLog = objLogFile.BackupEventLog("C:\Logs\"& strCurrentDate & "_" & strCurrentTime & _ "_Security.evt") If errBackupLog <> 0 Then Wscript.Echo "The Security event log could not be backed up." Else objLogFile.ClearEventLog() End IfNext Link to comment Share on other sites More sharing options...
cluberti Posted February 2, 2006 Share Posted February 2, 2006 That's the ticket - good work .If you learn some simple vbscript, it'll save you the trouble of having to do things with utilities external to the OS - there's actually not much you CAN'T do with a vbscript and some WSH knowledge, all without any 3rd party or resource kit utilities. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now