Creating Unique File Names When Backing Up Event Logs

Microsoft® Windows® 2000 Scripting Guide

« Previous | Next »   

Each time you back up an event log, you must create a new archive file; you cannot overwrite existing archive files nor can you append additional information to an existing file. Instead, you must either rename the existing archive file or ensure that the new file is given a different name.

For example, the first time you back up the System event log to C:\Scripts\SystemBackup.evt, the new file is created and the procedure succeeds. The second time you attempt the backup, however, the file SystemBackup.evt will already exist and the procedure will fail. To do a second backup, you must first rename or remove SystemBackup.evt.

To help overcome this problem, you can create a script to generate unique file names for each of your event log archives.

Scripting Steps

Listing 12.7 contains a script that uses the log name, date, and time to create unique file names when backing up an event log. To carry out this task, the script must perform the following steps:

1. Use the VBScript functions Day, Month, and Year to determine the day, month, and year of the current date.
2. Create a variable to specify the computer name.
3. Use a GetObject call to connect to the WMI namespace root\cimv2 on the computer, and set the impersonation level to "impersonate."
4. Use the ExecQuery method to query the Win32_NTEventLogFile class.

   To limit data retrieval to a single event log, a Where clause is used specifying that only the Application event log should be returned. The resulting collection will have a single item: the Application event log.

5. For the first (and only) item in the collection, use the LogFileName property to determine the name of the event log file being backed up.
6. Create a unique file name for the backup file.

   This is done by combining the LogFileName with the year, month, and day, separating each portion of the file name with underscores. The net result will be a file name similar to this: System_2002_12_20.evt, where:

   • System = The LogFileName.
   • 2002 = The year.
   • 12 = The month.
   • 20 = The day.
   • .evt = The file extension.
7. Use the Backup method to back up the event log, specifying the generated name as the file name.
8. Use the Clear method to clear the event log.

Listing 12.7   Creating Unique File Names When Backing Up Event Logs

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 

dtmThisDay = Day(Now) dtmThisMonth = Month(Now) dtmThisYear = Year(Now) strBackupName = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay strComputer = "." Set objWMIService = GetObject("winmgmts:" _     & "{impersonationLevel=impersonate,(Backup)}!\\" & _         strComputer & "\root\cimv2") Set colLogFiles = objWMIService.ExecQuery _     ("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='Application'") For Each objLogfile in colLogFiles     objLogFile.BackupEventLog("c:\scripts\" & strBackupName & _         "_application.evt")     objLogFile.ClearEventLog() Next

Send us your feedback

« Previous | Next »