Event Log

Event Log Manipulations:

1. Reading the Event Log
2. Clearing the Event Log
3. Creating backup of the Event Log

Code Snippet #1:

1. strComputer = "."
2. Set objWMIService = GetObject("winmgmts:" _
3. & "{impersonationLevel=impersonate}!\\" _
4. & strComputer & "\root\cimv2")
5. Set colLoggedEvents = objWMIService.ExecQuery _
6. ("Select * from Win32_NTLogEvent " _
7. & "Where Logfile = 'System'")
8. For Each objEvent in colLoggedEvents
9. Wscript.Echo "Category: " & objEvent.Category & VBNewLine _
10. & "Computer Name: " & objEvent.ComputerName & VBNewLine _
11. & "Event Code: " & objEvent.EventCode & VBNewLine _
12. & "Message: " & objEvent.Message & VBNewLine _
13. & "Record Number: " & objEvent.RecordNumber & VBNewLine _
14. & "Source Name: " & objEvent.SourceName & VBNewLine _
15. & "Time Written: " & objEvent.TimeWritten & VBNewLine _
16. & "Event Type: " & objEvent.Type & VBNewLine _
17. & "User: " & objEvent.User
18. Next

Code Snippet #2:

1. strComputer = "."
2. Set objWMIService = GetObject("winmgmts:" _
3. & "{impersonationLevel=impersonate,(Backup)}!\\" & _
4. strComputer & "\root\cimv2")
5. Set colLogFiles = objWMIService.ExecQuery _
6. ("Select * from Win32_NTEventLogFile " _
7. & "Where LogFileName='Application'")
8. For Each objLogfile in colLogFiles
9. objLogFile.ClearEventLog()
10. WScript.Echo "Cleared application event log file"
11. Next

Code Snippet #3:

1. strComputer = "."
2. Set objWMIService = GetObject("winmgmts:" _
3. & "{impersonationLevel=impersonate,(Backup)}!\\" & _
4. strComputer & "\root\cimv2")
5. Set colLogFiles = objWMIService.ExecQuery _
6. ("Select * from Win32_NTEventLogFile " _
7. & "Where LogFileName='Application'")
8. For Each objLogfile in colLogFiles
9. errBackupLog = objLogFile.BackupEventLog( _
10. "c:\scripts\application.evt")
11. WScript.Echo "File saved as c:\scripts\applications.evt"
12. Next

If at first you fail, call it version 1.0