Sunday, February 21, 2010

AutoBackupEvent Logs and Move

1. Windows 2003/2008 server will archive the event logs when they become full (see url)
  • add these registry settings

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application] "AutoBackupLogFiles"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System] "AutoBackupLogFiles"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security] "AutoBackupLogFiles"=dword:00000001

2. Create Batch File to Move Archive to Different Drive and schedule daily task

REM Barry Schneider 20100155

moveLocation="[drive:\path]"

move /Y c:\windows\system32\config\Archive-*.evt %moveLocation%

3. Delete Logs After Retention Expires and create daily task

Dim fso, f, f1, fc, folder, ext

archiveFolder="Drive:\Path\"
fileExtension="evt"
Set fso = CreateObject("Scripting.FileSystemObject")

Set f = fso.GetFolder(archiveFolder)

Set fc = f.Files

For Each f1 in fc

fileExt = fso.GetExtensionName(f1.Path)

If fileExt = fileExtension Then

If DateDiff("d", f1.DateLastModified, Now) > 181 Then

f1.Delete

End If

End If

Next

Set fso = Nothing

Set f = Nothing

Set fc = Nothing

1 comment:

  1. This is old, but I wrote a PowerShell script that collects all the Archive-* logs from all servers on the network and moves them to a network share.

    ReplyDelete