如何将日期附加到wmic nteventlog命令

时间:2013-10-18 01:16:43

标签: batch-file time wmic

我如何使用我现在拥有的日志文件的输出文件名添加日期。我找到了1或2个日期命令,但我似乎无法使它们与我已经使用的一样。

I.E。:ECHO %time:~0,2%%time:~3,2%%time:~6,2%_%date:~-10,2%%date:~-7,2%%date:~-4,4% 

@echo off
net use y: \\server_name\shared_folder_name /USER:admin password /persistent:yes
wmic nteventlog where filename='application' backupeventlog C:\Users\Public\Desktop\Application.evt
wmic nteventlog where filename='security' backupeventlog C:\Users\Public\Desktop\Security.evt
wmic nteventlog where filename='system' backupeventlog C:\Users\Public\Desktop\System.evt
wmic nteventlog where filename='application' cleareventlog
wmic nteventlog where filename='system' cleareventlog
wmic nteventlog where filename='security' cleareventlog
exit

2 个答案:

答案 0 :(得分:1)

申请WMIC以获取日期。它比操纵%date%变量更强大,因为它取决于区域设置和区域偏好。

此代码的前四行将为您提供XP Pro及更高版本中可靠的YY DD MM YYYY HH Min Sec变量。

@echo off
for /f "tokens=2 delims==" %%a in ('wmic OS Get localdatetime /value') do set "dt=%%a"
set "YY=%dt:~2,2%" & set "YYYY=%dt:~0,4%" & set "MM=%dt:~4,2%" & set "DD=%dt:~6,2%"
set "HH=%dt:~8,2%" & set "Min=%dt:~10,2%" & set "Sec=%dt:~12,2%"

set "datestamp=%YYYY%%MM%%DD%" & set "timestamp=%HH%%Min%%Sec%"
set "fullstamp=%YYYY%-%MM%-%DD%_%HH%-%Min%-%Sec%"
echo datestamp: "%datestamp%"
echo timestamp: "%timestamp%"
echo fullstamp: "%fullstamp%"
pause

答案 1 :(得分:1)

采取foxidrive回答(谢谢,我永远不会记得我可以从wmi获得时间)并重新组织你的代码(你的代码没有错,我更喜欢将任务配置与任务执行分开)

@echo off
    rem prepare environment
    setlocal enableextensions

    rem configuration
    set _logPath=C:\Users\Public\Desktop
    set _eventLogs=Application Security System "Internet Explorer"

    rem call subroutine for each of the event logs
    for %%e in (%_eventLogs%) do call :backupClearLog %%e "%_logPath%"

    rem cleanup
    endlocal 

    rem end of the work. exit batch file
    exit /b

:backupClearLog
    rem retrieve timestamp
    for /f "tokens=2 delims==.," %%a in ('wmic OS Get localdatetime /value') do set _timeStamp=%%a

    rem %~1 = log name, without quotes
    set _eventLog=%~1

    rem %~2 = directory to store backup, without quotes
    set _output="%~2\%_timeStamp%_%_eventLog%.evt"

    rem if you prefer timestamp as a suffix, use the following line instead
    set _output="%~2\%_eventLog%_%_timeStamp%.evt"

    rem Save Event Logs - Remove echo to make it work
    echo wmic nteventlog where filename='%_eventLog%' backupeventlog %_output%
    echo wmic nteventlog where filename='%_eventLog%' cleareventlog

    goto :EOF

我在事件日志列表中包含了“Internet Explorer”,以反映名称中包含空格的日志的用法。

相关问题
最新问题