Friday, April 15, 2011

Simple way to backup event log on Windows Server

Is it possible to create a simple way to back up the event log, such as with a batch file or a simple app? I need to make it work on a customer's site, where the reference is a non-expert user. Thanks

From stackoverflow
  • If you're using Windows 2008, use the built-in wevtutil command. Example:

    wevtutil epl Application c:\temp\foo.evtx

    Otherwise, get dumpel.exe from the resource kit, or psloglist from http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx

  • The Microsoft Script Center has some sample code for Backing Up and Clearing Event Logs using VBScript and WMI.

    Frank-Peter Schultze's Scripting Site has some code to clear an event log (http://www.fpschultze.de/uploads/clrevt.vbs.txt) that you can modify to back up, or back up then clear.

    If you have access to the server you can back up from the Event Viewer by right-clicking on a log and using the "Save Log File As..." command. You can save to a binary, tab-delimited or comma-delimited file.

  • Finally I made a little winapp using this method found on the internet:

    using System;
    using System.Diagnostics;
    using System.IO;
    using System.Linq;
    using System.Xml.Linq;

    public void DoBackup(string sLogName)
    {
        // sLogName is the name of the log to export, for example "Application"
        using (EventLog log = new EventLog(sLogName))
        {
            string sBackupName = sLogName + "Log";

            // One <Log> element per entry, newest first
            var xml = new XDocument(
                new XElement(sBackupName,
                    from EventLogEntry entry in log.Entries
                    orderby entry.TimeGenerated descending
                    select new XElement("Log",
                        new XElement("Message", entry.Message),
                        new XElement("TimeGenerated", entry.TimeGenerated),
                        new XElement("Source", entry.Source),
                        new XElement("EntryType", entry.EntryType.ToString())
                    )
                )
            );

            // HH (24-hour clock) keeps morning and afternoon file names distinct
            string sToday = DateTime.Now.ToString("yyyyMMdd_HHmmss");
            string path = String.Format("{0}_{1}.xml", sBackupName, sToday);
            xml.Save(Path.Combine(Environment.CurrentDirectory, path));
        }
    }
    

    This is the source link:

    It simply works great!

  • With PowerShell and Export-Clixml it's a one-liner.

      get-eventlog -list | %{ get-eventlog $_.Log | export-clixml -path ($_.Log + ".xml") }
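
A scripted variant of the wevtutil answer, as an added example that is not part of the original answers: it exports each log in native .evtx format to a timestamped folder and writes a SHA-256 manifest so a later copy can be checked against the export. The destination folder, the log list and the manifest file name are assumptions; run it from an elevated prompt, since reading the Security log requires administrative rights.

```powershell
# Added example: export selected event logs with wevtutil and record their hashes.
# $BackupRoot, $Logs and the manifest name are assumptions, not values from the page.
param(
    [string]$BackupRoot = 'C:\EventLogBackup',
    [string[]]$Logs = @('Application', 'System', 'Security')
)

$stamp  = Get-Date -Format 'yyyyMMdd_HHmmss'
$target = Join-Path $BackupRoot "$($env:COMPUTERNAME)_$stamp"
New-Item -ItemType Directory -Path $target -Force | Out-Null

$sha256   = [System.Security.Cryptography.SHA256]::Create()
$manifest = Join-Path $target 'SHA256SUMS.txt'
$failed   = 0

foreach ($log in $Logs) {
    # Channel names may contain '/' or other characters that are invalid in file names
    $file = Join-Path $target (($log -replace '[\\/:*?"<>|]', '_') + '.evtx')

    # Same command as in the answer above: wevtutil epl <log> <file>
    & wevtutil.exe epl $log $file
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of '$log' failed (wevtutil exit code $LASTEXITCODE)"
        $failed++
        continue
    }

    # Hash through .NET so the script does not depend on Get-FileHash (PowerShell 4+)
    $stream = [System.IO.File]::OpenRead($file)
    try {
        $hash = [System.BitConverter]::ToString($sha256.ComputeHash($stream)) -replace '-', ''
    }
    finally {
        $stream.Close()
    }

    Add-Content -Path $manifest -Value ("{0}  {1}" -f $hash.ToLower(), (Split-Path $file -Leaf))
}

$sha256.Clear()
exit $failed   # non-zero when at least one log could not be exported
```

The exit code is the number of failed exports, so a scheduled task wrapping the script can alert when a log was skipped.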
    
