Created
October 21, 2014 11:48
-
-
Save demofly/494fd888fca5c08ac209 to your computer and use it in GitHub Desktop.
Windows 2008 R2 event logs backup script for the task scheduler
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $adir = "L:\ARCHIVE" | |
| $subdir = get-date -uformat "%Y.%m.%d" | |
| New-Item -ItemType directory -Path $adir\$subdir | out-null | |
| $elogs = (wevtutil el) | |
| foreach ($i in $elogs) | |
| { | |
| $in = $i -replace " ","_" | |
| $in = $in -replace "/","_" | |
| # Write-Host $($i + " ____ " + $in) | |
| # wevtutil epl "$i" "$adir\$subdir\$in.evtx" | |
| wevtutil cl "$i" "/bu:$adir\$subdir\$in.evtx" | |
| } | |
| # Run with: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Archive_Logs.ps1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment