0

如何修改 VB 脚本来归档事件日志?我发现一个 VB 脚本可以很好地将事件日志存档到网络共享文件夹,但我不确定将 VB 脚本修改为:

  1. 仅收集系统、应用程序和安全日志而不是所有日志
  2. 如何使用月、日和年制作这些归档日志,并将它们每天保存到同一个文件夹而不覆盖它们。
4

1 回答 1

0

您需要更改此行 ("Select * from Win32_NTEventLogFile") 示例

("Select * from Win32_NTEventLogFile where LogFileName='Application'")

为您希望备份的日志添加过滤器,请参阅http://social.technet.microsoft.com/Forums/scriptcenter/en-US/febbb896-e7fb-42c6-9b1b-6f3e3b293b22/event-viewer-log-script-only -为应用程序工作的事件日志

或者

http://www.activexperts.com/activmonitor/windowsmanagement/scripts/logs/event/

这应该可以帮助你。

请参阅以下更改的代码以满足您的要求,每天将输出所需的日志并保存到不同的文件夹。

VBS

Dim strComputer, objDir2

Dim current: current = Now
Dim strDateStamp: strDateStamp = dateStamp(current)
strComputer = "YourServer" 
objDir2 = "Your File Server Path" & strDateStamp 
Dim objDir1: objDir1 = "\\" & strComputer & "\c$\EVT"
clearEVTLogs = "No"

Set filesys=CreateObject("Scripting.FileSystemObject")
If Not filesys.FolderExists(objDir1) Then
    createDir(objDir1)

If Not filesys.FolderExists(objDir2) Then
    createDir(objDir2)
End If


strPath = objDir2 & "\"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
        & strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName='Application' Or LogFileName='Security' Or LogFileName='System'")
For Each objLogfile In colLogFiles
    strCopyFile = strDateStamp & "_" & strComputer & "_" _
    & objLogFile.LogFileName & ".evt"
    strBackupFile = "c:\EVT\" & strDateStamp & "_" _
        & strComputer & "_" & objLogFile.LogFileName & ".evt"
    strBackupLog = objLogFile.BackupEventLog _
        (strBackupFile)



    Call copyAFile(objDir1, strPath, strCopyFile)


    If clearEVTLogs = "Yes" Then
        objLogFile.ClearEventLog()
    End If
Next


Function dateStamp(ByVal dt)
    Dim y, m, d
    y = Year(dt)
    m = Month(dt)
    If Len(m) = 1 Then m = "0" & m
    d = Day(dt)
    If Len(d) = 1 Then d = "0" & d
    dateStamp = y & m & d
End Function

Function copyAFile( Byval strSourceFolder, Byval strTargetFolder, _
    Byval strFileName)
    Dim objFSO, booOverWrite, strResult
    Set objFSO = CreateObject( "Scripting.FileSystemObject")
    If objFSO.FileExists( strSourceFolder & "\" & strFileName) _
        And UCase( strSourceFolder) <> UCase( strTargetFolder) Then
        If objFSO.FolderExists( strTargetFolder) Then
            Else
            strResult = "The destination folder does not exist!"
            'copyAFile = strResult
            Exit Function
        End If
        If objFSO.FileExists( strTargetFolder & "\" & strFileName) Then
            strResult = "The file exists, overwritten"
            booOverWrite = vbTrue
        Else
            strResult = "The file does not exist, created"
            booOverWrite = vbFalse
        End If
        objFSO.CopyFile strSourceFolder & "\" _
            & strFileName, strTargetFolder & "\", booOverWrite
    Else
        strResult = "The source file does not exist, or " _
            & "identical Source and Target folders!"
    End If

End Function


Function createDir(strDir)
    Set filesys=CreateObject("Scripting.FileSystemObject")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    wscript.echo strDir
    If Not filesys.FolderExists(strDir) Then
        Set objFolder = objFSO.CreateFolder(strDir)
    End If
End Function
于 2013-08-16T23:21:32.363 回答