W2KSG: Triggered Event Log backups
We have seen how to back up and clear the event log. What about checking all of the event logs and doing a backup and clear if they have reached a certain size?
Listing 12.6
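Get-WmiObject -Class Win32_NTEventLogFile | Where {$_.FileSize -gt 10MB} | Foreach {
    # Back up to c:\test\<LogFileName>.evt
    $file = "c:\test\" + $_.LogFileName + ".evt"
    $result = $_.BackupEventLog($file)
    # Clear only if the backup succeeded (ReturnValue 0), so no events are lost
    if ($result.ReturnValue -eq 0) { $_.ClearEventLog() }
}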
Use Get-WmiObject to get the event log information, then check the file size. I love being able to just put 10MB as the comparison; it just makes life so much easier. For any log that comes through, we can then perform a backup and clear the event log as before.
The comparison could be on NumberOfRecords instead of file size if you want to back up after a certain amount of activity.
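The same triggered backup with either threshold, written as an added example that is not part of the original post. The function name Backup-LargeEventLog and its parameters are hypothetical, and it assumes PowerShell 2.0 or later for -EnableAllPrivileges. It clears a log only after the backup is confirmed, so a failed backup never costs audit data.

```powershell
# Added example: Backup-LargeEventLog and its parameters are hypothetical names.
function Backup-LargeEventLog {
    param(
        [string]$BackupFolder = 'c:\test',  # folder used in the listing; must already exist
        [long]$MaxBytes = 10MB,             # size trigger from the listing
        [long]$MaxRecords = 0               # optional NumberOfRecords trigger; 0 disables it
    )

    if (-not (Test-Path -Path $BackupFolder -PathType Container)) {
        throw "Backup folder $BackupFolder does not exist"
    }

    # -EnableAllPrivileges (PowerShell 2.0 and later) lets WMI use the Backup and
    # Security privileges that the Security log requires.
    Get-WmiObject -Class Win32_NTEventLogFile -EnableAllPrivileges |
        Where-Object {
            $_.FileSize -gt $MaxBytes -or
            ($MaxRecords -gt 0 -and $_.NumberOfRecords -gt $MaxRecords)
        } |
        ForEach-Object {
            # BackupEventLog fails (ReturnValue 183) if the target file already
            # exists, so give every backup a unique, timestamped name.
            $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
            $file  = Join-Path $BackupFolder ("{0}-{1}.evt" -f $_.LogFileName, $stamp)

            $backup  = $_.BackupEventLog($file)
            $cleared = $false

            # Clear only when WMI reports success and the backup file is really there.
            if ($backup.ReturnValue -eq 0 -and (Test-Path -Path $file)) {
                $cleared = ($_.ClearEventLog().ReturnValue -eq 0)
            }

            # One result object per log, so failures can be recorded or alerted on.
            New-Object PSObject -Property @{
                Log          = $_.LogFileName
                Records      = $_.NumberOfRecords
                BackupFile   = $file
                BackupResult = $backup.ReturnValue
                Cleared      = $cleared
            }
        }
}

# Trigger on 10MB of data or 50000 records (constructed sample threshold).
Backup-LargeEventLog -MaxRecords 50000
```

A BackupResult of 8 means the caller lacks the required privilege, and 183 means the backup file already exists.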


Read the complete post at http://richardsiddaway.spaces.live.com/Blog/cns!43CFA46A74CF3E96!1820.entry