Vista - Please help!! Event log backups

08-21-2008

Hi all,

Being quite new to using Powershell, I'm trying to create a script
with Windows XP, to ultimately run on Server 2003 when finished, which
involves the event logs.

At the moment I can pull off the error and warn events to a text as
required and I can clear the logs.
The problem I am having is that I want to be able to backup the logs
to a specified drive.
I can use "get-eventlog" and "export-clixml" to create a evt file but
it is corrupt on the logs that are in use (Application etc.) and only
works on ones not in use (Internet Explorer etc.)
I can't copy the files from C:\Windows\system32\config for the same
reason.
Obviously I can't stop the service and restart it when i'm done as
it's event log and you can't stop it.
Again obviously I can't use wevtutil either because of the OS's in
use.

Is there any way, that anyone can think of to script this?

Thanks in advance all,

Lucy.

08-21-2008

perhaps this will help

http://bsonposh.com/archives/234

Brandon Shell
---------------
Blog: http://www.bsonposh.com/
PSH Scripts Project: www.codeplex.com/psobject

l> Hi all,
l>
l> Being quite new to using Powershell, I'm trying to create a script
l> with Windows XP, to ultimately run on Server 2003 when finished,
l> which involves the event logs.
l>
l> At the moment I can pull off the error and warn events to a text as
l> required and I can clear the logs.
l> The problem I am having is that I want to be able to backup the logs
l> to a specified drive.
l> I can use "get-eventlog" and "export-clixml" to create a evt file but
l> it is corrupt on the logs that are in use (Application etc.) and only
l> works on ones not in use (Internet Explorer etc.)
l> I can't copy the files from C:\Windows\system32\config for the same
l> reason.
l> Obviously I can't stop the service and restart it when i'm done as
l> it's event log and you can't stop it.
l> Again obviously I can't use wevtutil either because of the OS's in
l> use.
l> Is there any way, that anyone can think of to script this?
l>
l> Thanks in advance all,
l>
l> Lucy.
l>

08-21-2008	#1 (permalink)
lovelyshadeofgreen n/a posts	Please help!! Event log backups Hi all, Being quite new to using Powershell, I'm trying to create a script with Windows XP, to ultimately run on Server 2003 when finished, which involves the event logs. At the moment I can pull off the error and warn events to a text as required and I can clear the logs. The problem I am having is that I want to be able to backup the logs to a specified drive. I can use "get-eventlog" and "export-clixml" to create a evt file but it is corrupt on the logs that are in use (Application etc.) and only works on ones not in use (Internet Explorer etc.) I can't copy the files from C:\Windows\system32\config for the same reason. Obviously I can't stop the service and restart it when i'm done as it's event log and you can't stop it. Again obviously I can't use wevtutil either because of the OS's in use. Is there any way, that anyone can think of to script this? Thanks in advance all, Lucy.
My System Specs

08-21-2008	#2 (permalink)
Brandon Shell [MVP] n/a posts	Re: Please help!! Event log backups perhaps this will help http://bsonposh.com/archives/234 Brandon Shell --------------- Blog: http://www.bsonposh.com/ PSH Scripts Project: www.codeplex.com/psobject l> Hi all, l> l> Being quite new to using Powershell, I'm trying to create a script l> with Windows XP, to ultimately run on Server 2003 when finished, l> which involves the event logs. l> l> At the moment I can pull off the error and warn events to a text as l> required and I can clear the logs. l> The problem I am having is that I want to be able to backup the logs l> to a specified drive. l> I can use "get-eventlog" and "export-clixml" to create a evt file but l> it is corrupt on the logs that are in use (Application etc.) and only l> works on ones not in use (Internet Explorer etc.) l> I can't copy the files from C:\Windows\system32\config for the same l> reason. l> Obviously I can't stop the service and restart it when i'm done as l> it's event log and you can't stop it. l> Again obviously I can't use wevtutil either because of the OS's in l> use. l> Is there any way, that anyone can think of to script this? l> l> Thanks in advance all, l> l> Lucy. l>
My System Specs

Similar Threads
Thread	Forum
HELP need to solve this problem asap - Unable to start event viewer/event log service	Software
Event ID 10 â€” Event Filter Query Functionality	Vista hardware & devices
Boot up Issues - Critical Event Log errors - Event ID = 100, 200, 400, 307, 402	General Discussion
Windows Event Log fails to translate event description.	Vista General
Unable to fetch the Event Log - Event Description	Vista security