none
DC's security log backup and copy to a UNC RRS feed

  • Question

  • DC's security log backup and copy to a UNC.

    I need a vbscript for that.Any help highly appriciated.


    AliahMurfy
    Tuesday, February 15, 2011 11:10 AM

Answers

  • This should work:

    dtmToday = Now()
    
    strBackupName = CStr(Year(dtmToday)) _
      & "_" & Right("0" & CStr(Month(dtmToday)), 2) _
      & "_" & Right("0" & CStr(Day(dtmToday)), 2) _
      & "_" & Right("0" & CStr(Hour(dtmToday)), 2) _
      & "_" & Right("0" & CStr(Minute(dtmToday)), 2) _
      & "_" & Right("0" & CStr(Second(dtmToday)), 2)

     

    This makes sure the month, day, hour, minute, and second are 2 characters each, with a leading zero if necessary. If you don't want the leading zeros, then use this:

    dtmToday = Now()
    
    strBackupName = CStr(Year(dtmToday)) _
      & "_" & CStr(Month(dtmToday)) _
      & "_" & CStr(Day(dtmToday)) _
      & "_" & CStr(Hour(dtmToday)) _
      & "_" & CStr(Minute(dtmToday)) _
      & "_" & CStr(Second(dtmToday))

     

    Richard Mueller


    MVP ADSI
    • Marked as answer by Aliah Murfy Monday, February 21, 2011 8:08 AM
    Saturday, February 19, 2011 10:47 PM
    Moderator

All replies

  • Hi Aliah,

    See this thread, can easily be modified for you to copy the backup's to a UNC path.

    http://social.technet.microsoft.com/Forums/en-US/ITCG/thread/0add603d-a06a-446f-ae58-73b200ee808a/

    Can you be a bit more specific about your intended purpose? Do you want a once off backup or are you looking for an ongoing archiving strategy? Do you want to clear the logs once you've copied them? Probably depends on how often your logs are overwritten and how much disk space you have to store them.

    Cheers Matt :)

    Tuesday, February 15, 2011 11:35 AM
    Moderator
  • strComputer = "."
    Set objWMIService = GetObject("winmgmts:" _
     & "{impersonationLevel=impersonate,(Backup)}!\\" & _
     strComputer & "\root\cimv2")
    Set colLogFiles = objWMIService.ExecQuery _
     ("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='security'")
    For Each objLogfile in colLogFiles
     errBackupLog = objLogFile.BackupEventLog("c:\scripts\sec.evt")
     
    next

    _____________________________________

     

    above is fine for me but I need sec.evt_today's date instead of sec.evt


    AliahMurfy
    Tuesday, February 15, 2011 12:09 PM
  • How to add the time with the output file name?

     

    dtmThisDay = Day(Date)
    dtmThisMonth = Month(Date)
    dtmThisYear = Year(Date)
    strBackupName = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate,(Backup)}!\\" & _
            strComputer & "\root\cimv2")
    Set colLogFiles = objWMIService.ExecQuery _
        ("Select * from Win32_NTEventLogFile where LogFileName='Application'")
    For Each objLogfile in colLogFiles
        objLogFile.BackupEventLog("c:\scripts\" & strBackupName & _
            "_application.evt")
        objLogFile.ClearEventLog()


    AliahMurfy
    Tuesday, February 15, 2011 1:30 PM
  • This should work:

    dtmToday = Now()
    
    strBackupName = CStr(Year(dtmToday)) _
      & "_" & Right("0" & CStr(Month(dtmToday)), 2) _
      & "_" & Right("0" & CStr(Day(dtmToday)), 2) _
      & "_" & Right("0" & CStr(Hour(dtmToday)), 2) _
      & "_" & Right("0" & CStr(Minute(dtmToday)), 2) _
      & "_" & Right("0" & CStr(Second(dtmToday)), 2)

     

    This makes sure the month, day, hour, minute, and second are 2 characters each, with a leading zero if necessary. If you don't want the leading zeros, then use this:

    dtmToday = Now()
    
    strBackupName = CStr(Year(dtmToday)) _
      & "_" & CStr(Month(dtmToday)) _
      & "_" & CStr(Day(dtmToday)) _
      & "_" & CStr(Hour(dtmToday)) _
      & "_" & CStr(Minute(dtmToday)) _
      & "_" & CStr(Second(dtmToday))

     

    Richard Mueller


    MVP ADSI
    • Marked as answer by Aliah Murfy Monday, February 21, 2011 8:08 AM
    Saturday, February 19, 2011 10:47 PM
    Moderator