[Help] Variable $DATE$

[Diabolical82]

I'm trying to create automatic batch that dump Security Audit from Events Log weekly to keep it from getting too full. But for some reason Windows XP will not allow me save file in Date format such as this Sec-Audit-8/12/06.txt because of forward slash character "/"

And here's part of script i've been working on...

dumpevt /logfile=sec /outfile=C:\Logs\Sec-Audit-%DATE%.txt /all /clear

any suggestion?

Thanks

EDIT: I've done some search on google and came up with this....

@echo off
rem created unique log filename, e.g. Wed0804
FOR /F "tokens=1-4 delims=/" %%i in ('date/t') do set filedate=%%i%%j%%k
Set LOG=C:\Logs\Sec-Audit-%filedate%.txt

dumpevt /logfile=sec /outfile="%LOG%" /all /clear 

EXIT

it worked and saved as Sec-Audit 02022006 .txt but i want this format as in "Sec-Audit-020106-2:00pm.txt"

Thanks Again

Edited February 2, 2006 by Diabolical82

[cluberti]

Some vbscript cooking is in order, I think:

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
	& "{impersonationLevel=impersonate,(Backup)}!\\" & _
		strComputer & "\root\cimv2")
'
'Set variables
'
dateNow = Now 
strCurrentDate = Year(dateNow) & "-" & Right(100 + Month(dateNow), 2) _
	 & "-" & Right(100 + Day(dateNow), 2)
strCurrentTime = Right(100 + Hour(dateNow), 2) & "." _
	 & Right(100 + Minute(dateNow), 2) & "." & Right(100 + Second(dateNow), 2)

'
'Start Backup/Clear of event log
'
Set colLogFiles = objWMIService.ExecQuery _
	("Select * from Win32_NTEventLogFile where LogFileName='System'")

For Each objLogfile in colLogFiles
	objLogFile.BackupEventLog("C:\TEMP\" & strCurrentDate & "_" & strCurrentTime & _
		"_System.evt")
	objLogFile.ClearEventLog()
Next

This will backup your system log to a file in C:\TEMP with the nonclemature yyyy-mm-dd_HH.MM.SS_System.evt. So, if I did this today at 7:30PM on my system, I'd get "2006-02-01_19.30.16_System.evt" as the file, and the system log would then be cleaned.

Edited February 2, 2006 by cluberti

[Diabolical82]

instresting! but i'm not familar with vbscript... so all i have to do is copy and paste this codes onto notepad and save it as .bat or different format?

EDIT: nevermind got it working with .vbs extention, and i have some questions: I only want security log, not system log and also what kind of program do i need to read .evt extention?

Thanks!

Edited February 2, 2006 by Diabolical82

[Diabolical82]

Finally got it working!

Here's what i did.

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
	& "{impersonationLevel=impersonate,(Backup, Security)}!\\" & _
		strComputer & "\root\cimv2")
'
'Set variables
'
dateNow = Now
strCurrentDate = Year(dateNow) & "-" & Right(100 + Month(dateNow), 2) _
	 & "-" & Right(100 + Day(dateNow), 2)
strCurrentTime = Right(100 + Hour(dateNow), 2) & "." _
	 & Right(100 + Minute(dateNow), 2) & "." & Right(100 + Second(dateNow), 2)

'
'Start Backup/Clear of event log
'
Set colLogFiles = objWMIService.ExecQuery _
	("Select * from Win32_NTEventLogFile where LogFileName='Security'")

For Each objLogfile in colLogFiles
	errBackupLog = objLogFile.BackupEventLog("C:\Logs\"& strCurrentDate & "_" & strCurrentTime & _
		"_Security.evt")
	If errBackupLog <> 0 Then		
		Wscript.Echo "The Security event log could not be backed up."
	Else
		objLogFile.ClearEventLog()
	End If
Next

[cluberti]

That's the ticket - good work .

If you learn some simple vbscript, it'll save you the trouble of having to do things with utilities external to the OS - there's actually not much you CAN'T do with a vbscript and some WSH knowledge, all without any 3rd party or resource kit utilities.