1. Add these registry settings
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"AutoBackupLogFiles"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System]
"AutoBackupLogFiles"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
"AutoBackupLogFiles"=dword:00000001
2. Create Batch File to Move Archive to Different Drive and schedule daily task
REM Barry Schneider 20100155
REM Destination for the archived logs; replace the placeholder with a real drive and path
set "moveLocation=[drive:\path]"
move /Y c:\windows\system32\config\Archive-*.evt "%moveLocation%"
3. Delete Logs After Retention Expires and create daily task
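' Delete archived event logs once they pass the retention period
Dim fso, f, f1, fc, archiveFolder, fileExtension, fileExt
archiveFolder = "Drive:\Path\"
fileExtension = "evt"
Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.GetFolder(archiveFolder)
Set fc = f.Files
For Each f1 In fc
    fileExt = fso.GetExtensionName(f1.Path)
    ' Compare case-insensitively so files ending in .EVT are matched too
    If LCase(fileExt) = fileExtension Then
        ' Remove files last modified more than 181 days ago
        If DateDiff("d", f1.DateLastModified, Now) > 181 Then
            f1.Delete
        End If
    End If
Next
Set fc = Nothing
Set f = Nothing
Set fso = Nothing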
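A read-only check that the three steps above are actually working, added here as an example and not part of the original post: it reports logs where AutoBackupLogFiles is not 1, archives left behind in the config directory, and archives older than the 181-day retention. The archive path `D:\EventArchive` and the one-day grace period for the move task are assumptions; substitute your own values.

```powershell
# Added example: read-only audit of the three steps above. It changes nothing.
param(
    [string]$ConfigDir     = 'C:\Windows\System32\config', # source directory from step 2
    [string]$ArchiveFolder = 'D:\EventArchive',            # assumed stand-in for [drive:\path]
    [int]$RetentionDays    = 181,                          # threshold used in step 3
    [int]$MoveGraceDays    = 1                             # assumed: the move task runs daily
)

$now      = Get-Date
$findings = @()

# Step 1: AutoBackupLogFiles must be 1 for each of the three logs.
foreach ($log in 'Application', 'System', 'Security') {
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\$log"
    $value = (Get-ItemProperty -Path $key -Name AutoBackupLogFiles -ErrorAction SilentlyContinue).AutoBackupLogFiles
    if ($value -ne 1) {
        $shown = if ($null -eq $value) { 'not set' } else { $value }
        $findings += New-Object PSObject -Property @{ Step = 1; Item = $log; Problem = "AutoBackupLogFiles is $shown, expected 1" }
    }
}

# Step 2: archives lingering in the config directory mean the move task is not running.
$stale = @(Get-ChildItem -Path $ConfigDir -Filter 'Archive-*.evt' -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -lt $now.AddDays(-$MoveGraceDays) })
foreach ($file in $stale) {
    $findings += New-Object PSObject -Property @{ Step = 2; Item = $file.Name; Problem = "still in $ConfigDir since $($file.LastWriteTime)" }
}

# Step 3: the archive folder must exist and hold nothing past retention.
if (-not (Test-Path -Path $ArchiveFolder -PathType Container)) {
    $findings += New-Object PSObject -Property @{ Step = 3; Item = $ArchiveFolder; Problem = 'archive folder not found' }
} else {
    $expired = @(Get-ChildItem -Path $ArchiveFolder -Filter '*.evt' |
        Where-Object { ($now - $_.LastWriteTime).Days -gt $RetentionDays })
    foreach ($file in $expired) {
        $findings += New-Object PSObject -Property @{ Step = 3; Item = $file.Name; Problem = "older than $RetentionDays days, cleanup task did not delete it" }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'All three steps check out.'
} else {
    $findings | Select-Object Step, Item, Problem | Format-Table -AutoSize -Wrap
    exit 1
}
```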
1 comment:
This is old, but I wrote a PowerShell script that collects all the Archive-* logs from all servers on the network and moves them to a network share.