'Backup event log script
'Get the current date and time
CurrentDate = now
sAcceptableChars = "abcdefghijklmnopqrstuvwxyz0123456789"
'Remove "/", ":", " " from CurrentDate and put it
'in FixDate
For x = 1 to Len(CurrentDate)
ch = mid(CurrentDate, x, 1)
If InStr(sAcceptableChars, LCase(ch)) > 0 Then
FixDate = FixDate & ch
End If
Next
Set wshShell = WScript.CreateObject ("WSCript.shell")
'Start to do event log backup
wshshell.run "C:\Windows\System32\wevtutil cl _
Application /bu:E:\AppEvent_" & FixDate & ".evt", 1, True
wshshell.run "C:\Windows\System32\wevtutil cl Security _
/bu:E:\SecurityEvent_" & FixDate & ".evt", 1, True
wshshell.run "C:\Windows\System32\wevtutil cl Setup _
/bu:E:\SetupEvent_" & FixDate & ".evt", 1, True
wshshell.run "C:\Windows\System32\wevtutil cl System _
/bu:E:\SystemEvent_" & FixDate & ".evt", 1, True
set wshshell = nothing
'Get the current date and time
CurrentDate = now
sAcceptableChars = "abcdefghijklmnopqrstuvwxyz0123456789"
'Remove "/", ":", " " from CurrentDate and put it
'in FixDate
For x = 1 to Len(CurrentDate)
ch = mid(CurrentDate, x, 1)
If InStr(sAcceptableChars, LCase(ch)) > 0 Then
FixDate = FixDate & ch
End If
Next
Set wshShell = WScript.CreateObject ("WSCript.shell")
'Start to do event log backup
wshshell.run "C:\Windows\System32\wevtutil cl _
Application /bu:E:\AppEvent_" & FixDate & ".evt", 1, True
wshshell.run "C:\Windows\System32\wevtutil cl Security _
/bu:E:\SecurityEvent_" & FixDate & ".evt", 1, True
wshshell.run "C:\Windows\System32\wevtutil cl Setup _
/bu:E:\SetupEvent_" & FixDate & ".evt", 1, True
wshshell.run "C:\Windows\System32\wevtutil cl System _
/bu:E:\SystemEvent_" & FixDate & ".evt", 1, True
set wshshell = nothing
No comments:
Post a Comment