Scripting Guys need your help

  • Question

  • Hi All,

    I was recently asked to create a script that would back up certain event logs (Application, Security, System) to a network location in .evt format. I took help from this forum and was successfully able to back up the logs.

    Now I am asked that these backups should be in zip/compressed mode, with a different log file created after 7 days.

    Slowly I am learning scripting, but it will take time.

    What modification should I make in my script? I need your help.

    I have tested the script below successfully; it takes a backup of the logs and puts it in a network location.

    Function ServerBackup-Eventlogs {

        Param(
            $Computername = $ENV:COMPUTERNAME,
            [array]$EventLogs = @("application","security"),
            $BackupFolder = "C:\BackupEventLogs\"
        )

        Foreach ( $i in $EventLogs ) {
            If(!( Test-Path $BackupFolder )) { New-Item $BackupFolder -Type Directory }
            $eventlog="c:\BackupEventLogs\$i" + (Get-Date).tostring("yyyyMMdd") + ".evt"
            (get-wmiobject win32_nteventlogfile -ComputerName $computername |
                Where {$_.logfilename -eq "$i"}).backupeventlog($eventlog)

            ## What should I write here to zip/compress the backup to desired location

            ##Clear-EventLog -LogName $i

        }# end Foreach

    }#end function

    ServerBackup-Eventlogs

    Thursday, December 4, 2014 9:17 AM

All replies

  • Just call your favorite zip program to zip the files.

    A better method is to just set the folder to be compressed. All files will be compressed by the file system when they are created.


    ¯\_(ツ)_/¯

    Thursday, December 4, 2014 10:16 AM
  • Hey Jrv,

    I was waiting for a response from you only. Much appreciated for your response.

    Can you please help me to set that exact program? I am very much a beginner.

    I started studying yesterday only.

    Thursday, December 4, 2014 10:22 AM
  • You don't need a program to set compression on a folder. Just set the compressed property on the folder in Explorer.


    ¯\_(ツ)_/¯

    Thursday, December 4, 2014 11:02 AM
  • You are right, JRV, but my boss has one more question: how will you delete old logs that are older than 60 days from your destination folder (D:\Eventvwr) after backing up the logs? That should be done by script only!! No manual option.

    :-)

    After your suggestion, I have convinced my boss that we will set the compress option from Explorer. :-)

    Thursday, December 4, 2014 11:27 AM
  • Your boss needs to hire a trained technician or consultant to do these things. Of course you could learn how to write a script.

    Start here: http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx

    Here are pre-written scripts that manage log files: https://gallery.technet.microsoft.com/scriptcenter/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=logs&f%5B0%5D.Text=Logs%20and%20monitoring&f%5B1%5D.Type=SubCategory&f%5B1%5D.Value=eventlogs&f%5B1%5D.Text=Event%20Logs

    There are many examples of the script you are looking for in that list.


    ¯\_(ツ)_/¯


    • Edited by jrv Thursday, December 4, 2014 11:36 AM
    Thursday, December 4, 2014 11:35 AM
  • The script below will remove your logs older than 60 days. But if you are going to back up daily or weekly you might want to add a date and time to your log files, or they will be overwritten each time you back them up. Also you may want the computer name in the file name too if you have more than one system, i.e.: server01_Security_05DEC2014.log

    # You may want to adjust these
    $fullPath = "C:\Path\to\log"
    $numdays = 60
    $numhours = 0
    $nummins = 0

    # Despite its name, this function deletes every file under $path older than the cutoff
    function ShowOldFiles($path, $days, $hours, $mins)
    {
        $cutoff = (Get-Date).AddDays(-$days).AddHours(-$hours).AddMinutes(-$mins)
        $files = @(Get-ChildItem $path -Include *.* -Recurse | Where { ($_.LastWriteTime -lt $cutoff) -and ($_.PSIsContainer -eq $false) })
        foreach ($file in $files)
        {
            Write-Host ("Old: " + $file.Name) -Fore Red
            # Pass the full path explicitly rather than relying on how the FileInfo object converts to a string
            Remove-Item -LiteralPath $file.FullName
        }
    }

    ShowOldFiles $fullPath $numdays $numhours $nummins


    • Proposed as answer by Devlinsd Thursday, December 4, 2014 12:10 PM
    • Edited by Devlinsd Thursday, December 4, 2014 12:12 PM
    • Marked as answer by Abhijitcse06 Friday, December 5, 2014 3:17 AM
    Thursday, December 4, 2014 12:06 PM
  • Thanks JRV for your suggestion, not for the solution!!!

    :-) 

    Cheers!

    Thursday, December 4, 2014 12:45 PM
  • Much, much appreciated, Devlinsd. It works for me. Super!!

    After your suggestion I made a small change in my script so that the server name is also included, but I want the naming convention you suggested. The time is also not included. Please see if you can help a little bit.

    Here is my script:

    Function AimsServerNxtGen-Eventlogs {

        Param(
            $Computername = $ENV:COMPUTERNAME,
            [array]$EventLogs = @("application","security","system"),
            $BackupFolder = "D:\Eventvwr\"
        )

        Foreach ( $i in $EventLogs ) {
            If(!( Test-Path $BackupFolder )) { New-Item $BackupFolder -Type Directory }
            $eventlog="D:\Eventvwr\$i" + (Get-Date).tostring("yyyyMMdd") + "$Computername" + ".evt"
            (get-wmiobject win32_nteventlogfile -ComputerName $computername |
                Where {$_.logfilename -eq "$i"}).backupeventlog($eventlog)

            ##Clear-EventLog -LogName $i

        }# end Foreach

    }#end function

    AimsServerNxtGen-Eventlogs

    Thursday, December 4, 2014 12:50 PM
  • The naming convention is coming as

    application20141204WIN-MM6E2EOREW

    Thursday, December 4, 2014 12:52 PM
  • $eventlog="D:\Eventvwr\$i" + (Get-Date).tostring("yyyyMMdd") + "$Computername" + ".evt"

    Change to :

    $eventlog="D:\Eventvwr\" + $Computername +"_"+$i+"_"+(Get-Date -Format "dMMMyyyy")+".evt"

    See if this works for you



    • Edited by Devlinsd Thursday, December 4, 2014 2:17 PM
    Thursday, December 4, 2014 2:02 PM
  • Now I merged both scripts and it works fantastically, but the time is not included.

    It comes out like:

    WIN-MM6E2EORPUTR_application_04122014

    I am looking for something like:

    WIN-MM6E2EORPUTR_application_04122014_time

    Then there will be less chance of overwriting if the script is run twice on the same day for backup.

    I appreciate your help.

    Thursday, December 4, 2014 2:29 PM
  • # The time is written as HHmmss because ':' is not valid in a Windows file name
    $eventlog="D:\Eventvwr\" + $Computername +"_"+$i+"_"+(Get-Date -Format "dMMMyyyy_HHmmss")+".evt"
    Thursday, December 4, 2014 10:39 PM
  • A little farther and it will also wash the windows. Microsoft Windows of course.

    ¯\_(ツ)_/¯

    Thursday, December 4, 2014 10:48 PM
  • Getting an error for

    (Get-wmiobject win32_nteventlogfile -ComputerName $Computername| 
      Where {$_.logfilename -eq "$i"}).backupeventlog($eventlog) 

    Monday, December 8, 2014 12:57 PM
  • Hey Dev,

    When I run this script in a workgroup environment, it works fine,

    but if I run it in a domain environment I get this error:

    You cannot call a method on a null-valued expression.
    At C:\Users\Administrator\Desktop\backupscriptfinal.ps1:18 char:2
    +  (Get-wmiobject win32_nteventlogfile -ComputerName $Computername|
    +  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    ===============================================================

    The entire script is as follows:

    Function Gen-Eventlogs {            

     Param(
      $Computername ="$ENV:COMPUTERNAME.$ENV:USERDNSDOMAIN",
      [array]$EventLogs = @("application","security","system"),
      $BackupFolder = "C:\Eventvwr\"
      )            

     Foreach ( $i in $EventLogs ) {
     If(!( Test-Path $BackupFolder )) { New-Item $BackupFolder -Type Directory }


    $eventlog="C:\Eventvwr\$Computername" +"_"+$i+"_"+(Get-Date -Format "yyyyMMdd")+ ".evt"


      ##$eventlog="D:\Eventvwr\$i" + (Get-Date).tostring("yyyyMMdd") + "$Computername" + ".evt"

     (Get-wmiobject win32_nteventlogfile -ComputerName $Computername| 
      Where {$_.logfilename -eq "$i"}).backupeventlog($eventlog)            

     ##Clear-EventLog -LogName $i            

     }# end Foreach            

    }#end function  


    # This will delete old logs , may be 30 days
    $fullPath = "C:\Eventvwr"
    $numdays = 0
    $numhours = 0
    $nummins = 0

    function ShowOldFiles($path, $days, $hours, $mins)
    {
        $files = @(get-childitem $path -include *.* -recurse | where {($_.LastWriteTime -lt (Get-Date).AddDays(-$days).AddHours(-$hours).AddMinutes(-$mins)) -and ($_.psIsContainer -eq $false)})
        if ($files -ne $NULL)
        {
            for ($idx = 0; $idx -lt $files.Length; $idx++)
            {
                $file = $files[$idx]
                write-host ("Old: " + $file.Name) -Fore Red
    Remove-Item $file
          }
        }

    }
    ShowOldFiles $fullPath $numdays $numhours $nummins

              

    Gen-Eventlogs

    Monday, December 8, 2014 1:02 PM
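
The backup, naming and retention steps discussed in this thread, combined with a guard against the "null-valued expression" error above; this is an added example, not code from any poster. The function name, the `D:\Eventvwr` default, the 60-day retention and running against the local computer are assumptions, as is an account that is allowed to enable the backup privileges.

```powershell
# Added example (not from the thread). Names, folder and retention are assumptions.
function Backup-EventLogSafe {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,   # local machine assumed
        [string[]]$EventLogs  = @('Application', 'Security', 'System'),
        [string]$BackupFolder = 'D:\Eventvwr',
        [int]$RetentionDays   = 60
    )

    if (-not (Test-Path -LiteralPath $BackupFolder)) {
        New-Item -Path $BackupFolder -ItemType Directory | Out-Null
    }
    # Mark the folder as NTFS-compressed so files created in it are compressed.
    compact.exe /C $BackupFolder | Out-Null

    # Date and time without colons: ':' is not valid in a Windows file name.
    $stamp = Get-Date -Format 'yyyyMMdd_HHmmss'

    foreach ($log in $EventLogs) {
        # Filter on the server side and enable the privileges the backup call needs.
        $wmiLog = Get-WmiObject -Class Win32_NTEventlogFile -ComputerName $ComputerName `
                      -Filter "LogfileName='$log'" -EnableAllPrivileges

        # Calling a method on an empty result is what raises InvokeMethodOnNull.
        if ($null -eq $wmiLog) {
            Write-Warning "No '$log' log returned from $ComputerName; skipping."
            continue
        }

        $target = Join-Path $BackupFolder ("{0}_{1}_{2}.evt" -f $ComputerName, $log, $stamp)
        $result = $wmiLog.BackupEventLog($target)
        if ($result.ReturnValue -ne 0) {
            Write-Warning "Backup of '$log' failed with ReturnValue $($result.ReturnValue)."
        }
    }

    # Retention: only *.evt files directly in the backup folder, older than the cutoff.
    $cutoff = (Get-Date).AddDays(-$RetentionDays)
    Get-ChildItem -LiteralPath $BackupFolder -Filter '*.evt' |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $cutoff } |
        Remove-Item -WhatIf   # remove -WhatIf once the listed files are the ones to delete
}

Backup-EventLogSafe
```

Pruning runs after the backup and is limited to `*.evt` files, so a failed backup run never leaves the folder empty of recent logs.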
  • You are posting in two threads with the same title. Please try to post in the correct one:

    https://social.technet.microsoft.com/Forums/scriptcenter/en-US/d9c75a3c-29dd-4f6b-8c6f-b6227c325f1c/scripting-guys-need-your-help?forum=ITCG#c35748a1-1a69-45aa-93d8-20fe365221d9

    The problem has been solved. This thread was on a different question. This is why the title needs to be a question.

    If you were looking for directions in Google would you type in "I need your help"? No. It would be pointless. Starting a question in a forum with the same is just pointless.

    If you learn how to ask questions, in many cases the answer will become obvious as soon as you word the question correctly.


    ¯\_(ツ)_/¯

    Monday, December 8, 2014 10:08 PM