1

我将如何使用我现在拥有的内容将日期添加到日志文件的输出文件名中。我找到了 1 或 2 个日期命令,但似乎无法让它们与我已有的命令一起工作。

IE:ECHO %time:~0,2%%time:~3,2%%time:~6,2%_%date:~-10,2%%date:~-7,2%%date:~-4,4%

@echo off
net use y: \\server_name\shared_folder_name /USER:admin password /persistent:yes
wmic nteventlog where filename='application' backupeventlog C:\Users\Public\Desktop\Application.evt
wmic nteventlog where filename='security' backupeventlog C:\Users\Public\Desktop\Security.evt
wmic nteventlog where filename='system' backupeventlog C:\Users\Public\Desktop\System.evt
wmic nteventlog where filename='application' cleareventlog
wmic nteventlog where filename='system' cleareventlog
wmic nteventlog where filename='security' cleareventlog
exit
4

2 回答 2

1

也应用 WMIC 来获取日期。它比操纵 %date% 变量更健壮,因为这取决于语言环境和区域偏好。

此代码的前四行将为您提供 XP Pro 及更高版本中可靠的 YY DD MM YYYY HH Min Sec 变量。

@echo off
for /f "tokens=2 delims==" %%a in ('wmic OS Get localdatetime /value') do set "dt=%%a"
set "YY=%dt:~2,2%" & set "YYYY=%dt:~0,4%" & set "MM=%dt:~4,2%" & set "DD=%dt:~6,2%"
set "HH=%dt:~8,2%" & set "Min=%dt:~10,2%" & set "Sec=%dt:~12,2%"

set "datestamp=%YYYY%%MM%%DD%" & set "timestamp=%HH%%Min%%Sec%"
set "fullstamp=%YYYY%-%MM%-%DD%_%HH%-%Min%-%Sec%"
echo datestamp: "%datestamp%"
echo timestamp: "%timestamp%"
echo fullstamp: "%fullstamp%"
pause
于 2013-10-18T02:33:31.087 回答
1

接受 foxidrive 的回答(谢谢,我不记得我可以从 wmi 获得时间)并重新组织您的代码(您的代码没有问题,我更喜欢将任务配置与任务执行分开)

@echo off
    rem prepare environment
    setlocal enableextensions

    rem configuration
    set _logPath=C:\Users\Public\Desktop
    set _eventLogs=Application Security System "Internet Explorer"

    rem call subroutine for each of the event logs
    for %%e in (%_eventLogs%) do call :backupClearLog %%e "%_logPath%"

    rem cleanup
    endlocal 

    rem end of the work. exit batch file
    exit /b

:backupClearLog
    rem retrieve timestamp
    for /f "tokens=2 delims==.," %%a in ('wmic OS Get localdatetime /value') do set _timeStamp=%%a

    rem %~1 = log name, without quotes
    set _eventLog=%~1

    rem %~2 = directory to store backup, without quotes
    set _output="%~2\%_timeStamp%_%_eventLog%.evt"

    rem if you prefer timestamp as a suffix, use the following line instead
    set _output="%~2\%_eventLog%_%_timeStamp%.evt"

    rem Save Event Logs - Remove echo to make it work
    echo wmic nteventlog where filename='%_eventLog%' backupeventlog %_output%
    echo wmic nteventlog where filename='%_eventLog%' cleareventlog

    goto :EOF

我在事件日志列表中包含了“Internet Explorer”,以反映名称中带有空格的日志的使用情况。

于 2013-10-18T06:22:27.580 回答