一段备份windows 安全日志的脚本

  • fjmingyang

    2019-04-19 07:51:04
  • Linux操作系统
  • 原创

AD server的安全日志增长很快,于是写了段vbs脚本做备份

strComputer = "."
targetLogs="security" '可用值为 application,system,security
BackupDest="d:event_log"&date&""
filename=BackupDest&targetLogs&CStr(date)&" "&replace(time,":","")&".evt"

Set ofso = wscript.CreateObject("Scripting.FileSystemObject")
if not ofso.FolderExists(BackupDest) then
Set f = ofso.CreateFolder(date) '创建文件夹
end if

Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Backup)}!" & _
strComputer & "rootcimv2") '获得 VMI对象
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile where LogFileName='"&targetLogs&"'")
For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog(filename) '将日志备份
objLogFile.ClearEventLog() '将日志清空
If errBackupLog <> 0 Then
'Wscript.Echo "The event log could not be backed up."
else 'Wscript.Echo "success backup log"
End If
Next


请使用浏览器的分享功能分享到微信等