PowerShell assistance moving and clearing Application, Security and System logs to another Windows 2008 R2 server on the LAN. Script included needs work or rewrite.

    Question

  • Microsoft Community,

      We would like to move all of our local server logs (Application, Security, System logs) to a single centralized log server while clearing the original source. When we run the PS script it does nothing. Can the MS Community come to our rescue? This script I believe only moves over the application log so we need. We want the local server to be able to place the logs on its local D drive while other servers place the logs on another server using the UNC \\server\share convention. This seems like a simple task and I have looked at the script; however, my talents are mostly at the batch level.

        Please help and teach an old dog how to do this correctly. The script is below.

    Thanks

     *************************************************************************

    # Config
    $logFileName = "Application" # Add Name of the Logfile (System, Application, etc)
    $path = "D:\LOGS\SERVERNAME\" # Add Path, needs to end with a backslash

    # do not edit
    $exportFileName = $logFileName + (get-date -f yyyyMMdd) + ".evt"
    $logFile = Get-WmiObject Win32_NTEventlogFile | Where-Object {$_.logfilename -eq $logFileName}
    $logFile.backupeventlog($path + $exportFileName)
     
    # Deletes all .evt log files in $path that are older than $Daysback days
    # Be careful, this script removes all files with the extension .evt, not just the self-created log files
    $Daysback = "-7"
     
    $CurrentDate = Get-Date
    $DatetoDelete = $CurrentDate.AddDays($Daysback)
    Get-ChildItem $Path | Where-Object { ($_.LastWriteTime -lt $DatetoDelete) -and ($_.Extension -eq ".evt") } | Remove-Item
    Clear-Eventlog -LogName $logFileName

     *************************************************************************



    Friday, February 24, 2012 3:06 PM

Answers

All replies

  • Hi Mrbobbrain.

    I ran this part of your code (up to create the EVT backup) and it worked.

    # Config
    $logFileName = "Application" # Add Name of the Logfile (System, Application, etc)
    $path = "D:\LOGS\SERVERNAME\" # Add Path, needs to end with a backslash
    # do not edit
    $exportFileName = $logFileName + (get-date -f yyyyMMdd) + ".evt"
    $logFile = Get-WmiObject Win32_NTEventlogFile | Where-Object {$_.logfilename -eq $logFileName}
    $logFile.backupeventlog($path + $exportFileName)

    Where are you having the problem?



    Thanks, Wilson Souza - MSFT This posting is provided "AS IS" with no warranties, and confers no rights

    Saturday, February 25, 2012 12:05 AM
  • Wilson,

      We now believe we have a fundamental problem. Is there any reason PS scripts will not run on a Windows 2008 R2 server natively? Is there some sort of security you have to enable to get PS scripts to run first?

    Bobbrain

    Monday, February 27, 2012 3:28 PM
  • Yes....

    There is a policy that doesn't allow unsigned PowerShell scripts to run.

    You can work around that by:

    set-executionpolicy Unrestricted

    Ref: http://technet.microsoft.com/en-us/library/cc764242.aspx


    Thanks, Wilson Souza - MSFT This posting is provided "AS IS" with no warranties, and confers no rights

    Monday, February 27, 2012 6:14 PM
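
An added example, not code from any poster in this thread: one way to do what the question asks for all three logs, clearing each source log only after the backup call reports success and the archived copy is confirmed. The `$Destination` value and the `Backup-AndClearLog` helper name are assumptions; the script is meant to be run elevated on the source server.

```powershell
# Added example, not from the thread. Run elevated on the source server.
# Assumed values: $Destination (a local folder or a \\server\share\folder)
# and the helper name Backup-AndClearLog.
param(
    [string]$Destination = "D:\LOGS\$env:COMPUTERNAME",
    [string[]]$LogNames  = @('Application', 'Security', 'System')
)

function Backup-AndClearLog {
    param([string]$LogName, [string]$Destination)

    # Server 2008 R2 writes event log backups in the .evtx format.
    $file   = '{0}-{1}.evtx' -f $LogName, (Get-Date -Format 'yyyyMMdd-HHmmss')
    $staged = Join-Path $env:TEMP $file      # local staging copy
    $final  = Join-Path $Destination $file   # archive location

    # -EnableAllPrivileges enables the caller's token privileges for the
    # WMI call; the Security log in particular needs them.
    $log = Get-WmiObject Win32_NTEventlogFile -EnableAllPrivileges |
           Where-Object { $_.LogfileName -eq $LogName }
    if (-not $log) { throw "Log '$LogName' not found." }

    # BackupEventlog returns 0 on success; anything else means no backup.
    $rc = $log.BackupEventlog($staged).ReturnValue
    if ($rc -ne 0) { throw "Backup of '$LogName' failed, ReturnValue=$rc." }

    # Copy to the destination and confirm the copy is complete.
    if (-not (Test-Path $Destination)) {
        New-Item -ItemType Directory -Path $Destination | Out-Null
    }
    Copy-Item -Path $staged -Destination $final -ErrorAction Stop
    if ((Get-Item $final).Length -ne (Get-Item $staged).Length) {
        throw "Copy of '$file' is incomplete; source log left untouched."
    }

    # Only now clear the source log and drop the staged file.
    Clear-EventLog -LogName $LogName -ErrorAction Stop
    Remove-Item $staged
    return $final
}

foreach ($name in $LogNames) {
    try   { "Archived and cleared {0} -> {1}" -f $name, (Backup-AndClearLog $name $Destination) }
    catch { Write-Warning $_.Exception.Message }
}
```

Events written between the backup call and the clear are not in the archive.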