For Windows 2003 Server Event viewer archive script

For Windows 2003 Server Event viewer archive script, FYI! in 2k8 you can set archive option but not in 2k3 or below 2k8 servers
 
strArchiveFolder = "C:BckEvt"
ServerName = "."
Set WS = CreateObject("Wscript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
DateString = CurrentDate()
Purge = True
on error resume next
StartTime = Now
Output "———————————"
OutPut "Started at: " & CStr(Now)
Output ""
Set System = GetObject("winmgmts:{(Backup,Security)}" & ServerName & _
"rootCIMV2")
If Err.Number = 0 Then
Set colLogs = System.ExecQuery("select * from Win32_NTEventLogFile",,48)
For Each refLog In colLogs
LogName = ServerName& "_" & LogFileName(refLog.LogFileName) & _
"_" & DateString
If FSO.FileExists(strArchiveFolder & "" & LogName & ".evt") Then _
FSO.DeleteFile(strArchiveFolder & "" & LogName & ".evt")
If Purge Then
RetVal = reflog.ClearEventlog(strArchiveFolder & "" & LogName & ".evt")
Else
RetVal = reflog.BackupEventlog(strArchiveFolder & "" & LogName & ".evt")
End If
If RetVal = 0 Then
Output vbTab & "Log was archived in .evt format: " & LogName & ".evt"
If Purge Then Output vbTab & "All events were cleared from the log"
Else
Output vbTab & "Error while archiving in .evt format."
End If
Next
Else
Output vbTab & "Failed connect to the server"
End If
Set colLogs = Nothing
Set refLogs = Nothing
Set System = Nothing
Output "—————————————-"
OutPut "Finished at: " & CStr(Now)
Output ""
Output ""
Set WS = Nothing
' FullLog.Close ???FullLog=unknown
Set FullLog = Nothing
Set FSO = Nothing
Function CurrentDate
Today = Date
If Month(Today) < 10 Then
CurrentDate = "0" & CStr(Month(Today))
Else
CurrentDate = CStr(Month(Today))
End If
If Day(Today) < 10 Then
CurrentDate = CurrentDate & "0" & CStr(Day(Today))
Else
CurrentDate = CurrentDate & CStr(Day(Today))
End If
CurrentDate = CurrentDate & CStr(Year(Today))
If Hour(Time) < 10 Then
CurrentDate = CurrentDate & "0" & CStr(Hour(Time))
Else
CurrentDate = CurrentDate & CStr(Hour(Time))
End If
End Function
Function LogFileName(LogName)
Select Case LogName
Case "Application"
LogFileName = "app"
Case "Directory Service"
LogFileName = "dir"
Case "DNS Server"
LogFileName = "dns"
Case "File Replication Service"
LogFileName = "rep"
Case "Security"
LogFileName = "sec"
Case "System"
LogFileName = "sys"
End Select
End Function
Sub Output(Text)
' wscript.echo text
' FullLog.writeline text ???FullLog=unknown
End Sub
 

——————-
Thanks,

Mike Ditka  – "If God had wanted man to play soccer, he wouldn't have given us arms."

Leave a Comment