如何修改vbs以存档事件日志

时间:2013-08-16 23:07:23

标签: css vbscript

如何修改VB脚本以存档事件日志?我found one VB script正常工作将事件日志存档到网络共享文件夹,但我不确定将VB脚本修改为:

  1. 仅收集系统,应用程序和安全日志,而不是所有日志
  2. 如何制作包含月,日和年的存档日志,并将其保存到同一文件夹中,而不是覆盖它们。

1 个答案:

答案 0 :(得分:0)

您需要更改此行(“从Win32_NTEventLogFile中选择*”)示例

(“从Win32_NTEventLogFile中选择*,其中LogFileName ='Application'”)

为要备份的日志添加过滤器,请参阅http://social.technet.microsoft.com/Forums/scriptcenter/en-US/febbb896-e7fb-42c6-9b1b-6f3e3b293b22/event-viewer-log-script-only-working-for-application-event-log

OR

http://www.activexperts.com/activmonitor/windowsmanagement/scripts/logs/event/

这应该对你有帮助。

根据您的要求查看以下更改的代码,将输出所需的日志并每天保存到其他文件夹。

VBS 

Dim strComputer, objDir2

Dim current: current = Now
Dim strDateStamp: strDateStamp = dateStamp(current)
strComputer = "YourServer" 
objDir2 = "Your File Server Path" & strDateStamp 
Dim objDir1: objDir1 = "\\" & strComputer & "\c$\EVT"
clearEVTLogs = "No"

Set filesys=CreateObject("Scripting.FileSystemObject")
If Not filesys.FolderExists(objDir1) Then
    createDir(objDir1)

If Not filesys.FolderExists(objDir2) Then
    createDir(objDir2)
End If


strPath = objDir2 & "\"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
        & strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName='Application' Or LogFileName='Security' Or LogFileName='System'")
For Each objLogfile In colLogFiles
    strCopyFile = strDateStamp & "_" & strComputer & "_" _
    & objLogFile.LogFileName & ".evt"
    strBackupFile = "c:\EVT\" & strDateStamp & "_" _
        & strComputer & "_" & objLogFile.LogFileName & ".evt"
    strBackupLog = objLogFile.BackupEventLog _
        (strBackupFile)



    Call copyAFile(objDir1, strPath, strCopyFile)


    If clearEVTLogs = "Yes" Then
        objLogFile.ClearEventLog()
    End If
Next


Function dateStamp(ByVal dt)
    Dim y, m, d
    y = Year(dt)
    m = Month(dt)
    If Len(m) = 1 Then m = "0" & m
    d = Day(dt)
    If Len(d) = 1 Then d = "0" & d
    dateStamp = y & m & d
End Function

Function copyAFile( Byval strSourceFolder, Byval strTargetFolder, _
    Byval strFileName)
    Dim objFSO, booOverWrite, strResult
    Set objFSO = CreateObject( "Scripting.FileSystemObject")
    If objFSO.FileExists( strSourceFolder & "\" & strFileName) _
        And UCase( strSourceFolder) <> UCase( strTargetFolder) Then
        If objFSO.FolderExists( strTargetFolder) Then
            Else
            strResult = "The destination folder does not exist!"
            'copyAFile = strResult
            Exit Function
        End If
        If objFSO.FileExists( strTargetFolder & "\" & strFileName) Then
            strResult = "The file exists, overwritten"
            booOverWrite = vbTrue
        Else
            strResult = "The file does not exist, created"
            booOverWrite = vbFalse
        End If
        objFSO.CopyFile strSourceFolder & "\" _
            & strFileName, strTargetFolder & "\", booOverWrite
    Else
        strResult = "The source file does not exist, or " _
            & "identical Source and Target folders!"
    End If

End Function


Function createDir(strDir)
    Set filesys=CreateObject("Scripting.FileSystemObject")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    wscript.echo strDir
    If Not filesys.FolderExists(strDir) Then
        Set objFolder = objFSO.CreateFolder(strDir)
    End If
End Function
相关问题
最新问题