How would I go about backing up the Windows Application Log at a regular interval?


I'm working with an application that logs to Windows Application Log regularly (viewable through the Event Viewer administrative tool), and I'm looking for a way to back it up on a daily basis. This is important because we sometimes discover a problem with the application - and to investigate further we need information that was logged a week ago. The events we are looking for aren't necessarily still around ... I've tried increasing the size and all that, but I think an automated backup would facilitate the process. We wouldn't end up with huge logs, but rather, multiple moderately-sized logs.

I would prefer a simple solution like batch file + Windows Scheduler, but would also be interested in other approaches.

Thanks


Solution

  • Here is a WMI script that I found a while ago. This could be what you're searching for!

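    ' VBScript cannot initialise a variable in the Dim statement, so declare first.
    Dim strComputer
    Dim objWMIService
    Dim colLogFiles
    Dim objLogfile
    Dim errBackupLog
    Dim strStamp

    strComputer = "." 'Define here the Remote IP Address or Computername

    ' BackupEventLog fails if the target file already exists,
    ' so each run writes to a date-stamped file name (yyyymmdd).
    strStamp = Year(Now) & Right("0" & Month(Now), 2) & Right("0" & Day(Now), 2)

    ' The (Backup) privilege is required to call BackupEventLog.
    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate,(Backup)}!\\" & strComputer & "\root\cimv2")

    Call eventlogbackup("Application")
    Call eventlogbackup("System")
    Call eventlogbackup("Security")

    Function eventlogbackup(logtype)

    Set colLogFiles = objWMIService.ExecQuery("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='" & logtype & "'")

    For Each objLogfile In colLogFiles
     errBackupLog = objLogfile.BackupEventLog("\\server\eventlogs\" & strComputer & "\" & logtype & "_" & strStamp & ".evt")
     If errBackupLog <> 0 Then
        Wscript.Echo "The " & logtype & " event log could not be backed up."
     Else
        ' The log is cleared only after the backup has succeeded.
        objLogfile.ClearEventLog()
        Wscript.Echo "The " & logtype & " event log is backed up."
     End If
    Next

    End Function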

    Just set up this script in a scheduled task and you're good to go!
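
A non-destructive variant of the same daily backup, as an added example that is not part of the original answer: it exports each log with `wevtutil epl` to a date-stamped `.evtx` file, leaves the live log uncleared, records a SHA-256 hash of every archive, and prunes old files. The archive path, the retention period and the manifest file name are assumptions chosen for illustration.

```powershell
# Added example: archive event logs to date-stamped .evtx files without clearing them.
# $ArchiveRoot, $RetentionDays and manifest.csv are assumed values, not from the answer.
param(
    [string[]]$LogNames      = @('Application'),
    [string]  $ArchiveRoot   = 'C:\EventLogArchive',   # hypothetical path
    [int]     $RetentionDays = 90                      # hypothetical retention
)

$ErrorActionPreference = 'Stop'
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$target = Join-Path $ArchiveRoot $env:COMPUTERNAME
New-Item -ItemType Directory -Path $target -Force | Out-Null
$manifest = Join-Path $target 'manifest.csv'

foreach ($log in $LogNames) {
    # Log names may contain slashes (e.g. operational channels); make them file-safe.
    $file = Join-Path $target ("{0}-{1}.evtx" -f ($log -replace '[\\/]', '_'), $stamp)

    # wevtutil epl (export-log) copies the log to a file; the live log is left untouched.
    & wevtutil.exe epl $log $file
    if ($LASTEXITCODE -ne 0) {
        Write-Error "Export of '$log' failed with exit code $LASTEXITCODE" -ErrorAction Continue
        continue
    }

    # Record a SHA-256 hash so later modification of an archive can be detected.
    $hash = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    [pscustomobject]@{
        ExportedUtc = (Get-Date).ToUniversalTime().ToString('o')
        Log         = $log
        File        = $file
        SHA256      = $hash
    } | Export-Csv -Path $manifest -Append -NoTypeInformation
}

# Prune archives older than the retention window.
Get-ChildItem -Path $target -Filter '*.evtx' |
    Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-$RetentionDays) } |
    Remove-Item -Force
```

Run it from a daily scheduled task under an account with administrative rights, which exporting the Security log requires.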