Here is a batch file I wrote using WinRM and WEVTUTIL to clear and back up event logs to our file server. Also includes a case statement to select the appropriate folder based on the given month. Just wanted to share, because from all the research I did, I couldn't find anything like this that was complete. Also, can anyone think of a way to shorten this up a bit? Or possibly a better method?
As an afterthought, I also have set this up as a Scheduled Task after removing the PAUSE command from the script and /q :) Thanks for any input!
@ECHO OFF
::::::::::::::::::::::::::::::::::::::::::::::::::::::
::: LOG ARCHIVER :::
::: GAGE HURST :::
::: 13 SEPTEMBER, 2012 :::
::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: Get the current date and save it to the %date% variable as MMDDYYYY
:: (assumes DATE /T prints in the form "Thu 09/13/2012")
FOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET CDATE=%%B
FOR /F "TOKENS=2-4 DELIMS=/ " %%A IN ('DATE /T') DO (SET date=%%A%%B%%C)
:: Creates the "Month" variable which changes value based on the actual month, and thus sets the "Folder" variable to correspond to the correct folder
:: located on the file server.
FOR /F "TOKENS=2-4 DELIMS=/ " %%A IN ('DATE /T') DO (SET Month=%%A)
GOTO CASE_%Month%
:case_01
IF %Month%==01 SET Folder=1-January
:case_02
IF %Month%==02 SET Folder=2-February
:case_03
IF %Month%==03 SET Folder=3-March
:case_04
IF %Month%==04 SET Folder=4-April
:case_05
IF %Month%==05 SET Folder=5-May
:case_06
IF %Month%==06 SET Folder=6-June
:case_07
IF %Month%==07 SET Folder=7-July
:case_08
IF %Month%==08 SET Folder=8-August
:case_09
IF %Month%==09 SET Folder=9-September
:case_10
IF %Month%==10 SET Folder=10-October
:case_11
IF %Month%==11 SET Folder=11-November
:case_12
IF %Month%==12 SET Folder=12-December
:: Pulls machine names from the .txt file you created, clears them, and backs them up to the designated remote machine
:: WEVTUTIL is called without /R below, so each command acts on the logs of the machine running this script; %%X is used only in the backup file name
FOR /F "TOKENS=1,2* delims= " %%X IN (C:\servers.txt) DO ECHO %%X
FOR /F "TOKENS=1,2* delims= " %%X IN (C:\servers.txt) DO WEVTUTIL CL Application /BU:"\\remote_machine\f$\2012\%Folder%\%%X-%date%-APP.evtx"
FOR /F "TOKENS=1,2* delims= " %%X IN (C:\servers.txt) DO WEVTUTIL CL Security /BU:"\\remote_machine\f$\2012\%Folder%\%%X-%date%-SEC.evtx"
FOR /F "TOKENS=1,2* delims= " %%X IN (C:\servers.txt) DO WEVTUTIL CL System /BU:"\\remote_machine\f$\2012\%Folder%\%%X-%date%-SYS.evtx"
PAUSE
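
On the question of a shorter method, here is the same job in PowerShell as an added example (not part of the original post or the poster's code). It assumes PowerShell remoting over WinRM is enabled on each server, that the account running it is an administrator there with access to the `C$` admin share, and that `C:\Windows\Temp` is an acceptable staging directory; it also takes the year from the clock instead of the fixed `2012`.

```powershell
# Added example, not the poster's script. Assumptions: WinRM remoting enabled on
# every server, caller is a local admin there, C:\Windows\Temp used for staging.
$servers = Get-Content -Path 'C:\servers.txt' | Where-Object { $_.Trim() }
$logs    = @{ Application = 'APP'; Security = 'SEC'; System = 'SYS' }

$now   = Get-Date
$stamp = $now.ToString('MMddyyyy')

# "9-September" style folder name; replaces the twelve-way CASE block.
$monthName   = [cultureinfo]::InvariantCulture.DateTimeFormat.GetMonthName($now.Month)
$folder      = '{0}-{1}' -f $now.Month, $monthName
$archiveRoot = '\\remote_machine\f$\{0}\{1}' -f $now.Year, $folder
New-Item -ItemType Directory -Path $archiveRoot -Force | Out-Null

foreach ($server in $servers) {
    foreach ($log in $logs.Keys) {
        $name   = "$server-$stamp-$($logs[$log]).evtx"
        $staged = "C:\Windows\Temp\$name"

        # Run wevtutil on the server itself; /bu names the file that receives
        # the cleared events. The exit code comes back over the session.
        $exit = Invoke-Command -ComputerName $server -ArgumentList $log, $staged -ScriptBlock {
            param($logName, $backupPath)
            wevtutil.exe cl $logName "/bu:$backupPath" | Out-Null
            $LASTEXITCODE
        }
        if ($exit -ne 0) {
            Write-Warning "$server ${log}: wevtutil exit code $exit, nothing archived"
            continue
        }

        # Pull the staged file from this machine over the admin share, so the
        # remote session never has to authenticate to the file server.
        $unc = "\\$server\C`$\Windows\Temp\$name"
        Move-Item -LiteralPath $unc -Destination (Join-Path $archiveRoot $name)
    }
}
```

Clearing the Security log is itself recorded on each server (event ID 1102), which gives an independent record of when each archive run happened.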