Remote event log auditing
From: Jerad (Jerad_at_discussions.microsoft.com)
Date: 02/10/05
- Next message: Torgeir Bakken \(MVP\): "Re: Xcopy script with a GUI prompt"
- Previous message: Paul Knight: "RE: Connecting to remote servers with scripting object"
- Next in thread: Torgeir Bakken \(MVP\): "Re: Remote event log auditing"
- Reply: Torgeir Bakken \(MVP\): "Re: Remote event log auditing"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 10 Feb 2005 14:11:11 -0800
I am looking for a way to get the audit logs of w2k systems into one central
location. The problem I am having is I can only install the script on one
machine. Is there anyway to make a script go out and pull the security log
files onto a network share?
Here is what I have for a single system....
Set fso = CreateObject("Scripting.FileSystemObject")
strComputer = "."
If fso.FolderExists("C:\Event Log") Then
else fso.CreateFolder ("C:\Event Log")
End if
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security,Backup)}!\\" & _
strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("Select * from Win32_NTEventLogFile where LogFileName='Security'")
strFilePath = "c:\Event Log\"
strFileExtension = ".evt"
strDate = CStr(Year(Date) * 10000 + Month(Date) * 100 + Day(Date))
strFile = strFilePath & strDate & strFileExtension
For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog(strFile)
If errBackupLog <> 0 Then
Wscript.Echo "The Security event log could not be backed up."
Else
objLogFile.ClearEventLog()
End If
Wscript.Echo "Check out C:\Event Logs."
Next
- Next message: Torgeir Bakken \(MVP\): "Re: Xcopy script with a GUI prompt"
- Previous message: Paul Knight: "RE: Connecting to remote servers with scripting object"
- Next in thread: Torgeir Bakken \(MVP\): "Re: Remote event log auditing"
- Reply: Torgeir Bakken \(MVP\): "Re: Remote event log auditing"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
