Search-Help
Last Update: October 15, 2012
PowerShell Version: 2.0 and 3.0
Libraries:
- PSv3.psm1
.SYNOPSIS
Allows for the backing up and clearing of event logs.
.DESCRIPTION
Allows for the backing up and clearing of multiple event logs on multiple
Clients and Servers. The event logs will be copied to the location
specified in the PATH parameter. The cmdlet will automatically
create a file structure for Year and then month.
The backed-up file names will have the format
Server-Log-Day-Hour-Minute to help denote separate backups
in the month folders.
Logs are not cleared unless the ClearLog switch is used.
To work with the Security log, the user must be running PowerShell
as an Administrator.
.PARAMETER ClearLog
Clears the log if the backup was successful.
.PARAMETER ComputerName
List of computer names on which to attempt a backup of event log data.
.PARAMETER LogFiles
List of all event logs to attempt to back up.
.PARAMETER Path
The root destination path to store the backup logs in.
.PARAMETER Quiet
Suppresses all information and warning messages.
.NOTES
===============================================================================
Copyright 2012 MCTExpert, Inc.
Licensed for use by participants from classes delivered by Jason Yoder.
This script is provided without support, warranty, or guarantee.
User assumes all liability for cmdlet results.
===============================================================================
.EXAMPLE
Backup-EventLog -ComputerName Indy-DC1 -LogFiles Security, Application -Path f:\Logs
Backs up the Security and Application Logs from server Indy-DC1 to the path f:\Logs.
.EXAMPLE
Backup-EventLog -ComputerName Indy-DC1, Indy-CLI1, LON-SVR2 -LogFiles System -Path "\\LON-SVR1\Logs" -ClearLog | Where-Object {$_.online -eq $True}

ComputerName : Indy-DC1
Online : True
System_Exists : True
System_BackedUp : True
System_Cleared : True

ComputerName : Indy-SVR2
Online : True
System_Exists : True
System_BackedUp : True
System_Cleared : True

Returns event log backup information for all clients that were online and connected.
.EXAMPLE
PS F:\code> Backup-EventLog -ComputerName Indy-DC1, Indy-CLI1, Indy-SVR2 -LogFiles System -Path "\\Indy-SVR1\Logs" -ClearLog | FT
ComputerName Online System_Exists System_BackedUp System_Cleared
------------ ------ ------------- --------------- --------------
Indy-DC1     True   True          True            True
Indy-CLI1    False  False         False           False
Indy-SVR2    True   True          True            True
.EXAMPLE
Backup-EventLog -ComputerName Indy-DC1, Indy-CLI1, Indy-SVR2 -LogFiles System, application, Security -Path "\\Indy-SVR1\Logs" -ClearLog -Quiet

ComputerName : Indy-DC1
Online : True
System_Exists : True
System_BackedUp : True
System_Cleared : True
application_Exists : True
application_BackedUp : True
application_Cleared : True
Security_Exists : True
Security_BackedUp : True
Security_Cleared : True

ComputerName : Indy-CLI1
Online : False
System_Exists : False
System_BackedUp : False
System_Cleared : False
application_Exists : False
application_BackedUp : False
application_Cleared : False
Security_Exists : False
Security_BackedUp : False
Security_Cleared : False

ComputerName : Indy-SVR2
Online : True
System_Exists : True
System_BackedUp : True
System_Cleared : True
application_Exists : True
application_BackedUp : True
application_Cleared : True
Security_Exists : True
Security_BackedUp : True
Security_Cleared : True

Backs up and clears all System, Application, and Security events on servers
Indy-DC1, Indy-CLI1, and Indy-SVR2. The logs are backed up on Indy-SVR2.
All status messages are suppressed.
#>
}
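
The backup-then-clear flow from the description, as an added sketch for the local computer only; it is not the Backup-EventLog source, which this page does not show. `Backup-LogSketch`, the `C:\LogBackup` path, the `yyyy`/`MM` folder names and the `.evtx` extension are assumptions.

```powershell
# Added sketch, not the Backup-EventLog source. Backup-LogSketch is a hypothetical name.
function Backup-LogSketch {
    param(
        [string]$LogName = 'System',
        [string]$Path = 'C:\LogBackup',   # constructed sample path (assumption)
        [switch]$ClearLog
    )
    $now = Get-Date

    # Year folder, then month folder. The yyyy and MM folder names are an assumption.
    $folder = Join-Path (Join-Path $Path $now.ToString('yyyy')) $now.ToString('MM')
    if (-not (Test-Path $folder)) { New-Item -ItemType Directory -Path $folder | Out-Null }

    # Server-Log-Day-Hour-Minute, as the description states. The extension is an assumption.
    $name = '{0}-{1}-{2}.evtx' -f $env:COMPUTERNAME, $LogName, $now.ToString('dd-HH-mm')
    $file = Join-Path $folder $name

    $result = New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME; Log = $LogName; File = $file
        Exists = $false; BackedUp = $false; Cleared = $false
    }

    # -EnableAllPrivileges lets WMI reach the Security log from an elevated session.
    $log = Get-WmiObject -Class Win32_NTEventlogFile -EnableAllPrivileges `
                         -Filter "LogFileName='$LogName'"
    if (-not $log) { return $result }
    $result.Exists = $true

    try {
        # ReturnValue 0 means success. Also confirm a non-empty file was written.
        $backup = $log.BackupEventlog($file)
        $result.BackedUp = ($backup.ReturnValue -eq 0) -and (Test-Path $file) -and
                           ((Get-Item $file).Length -gt 0)
    } catch {
        Write-Warning "Backup of $LogName failed: $($_.Exception.Message)"
    }

    # The gate: never clear a log whose backup did not succeed.
    if ($ClearLog -and $result.BackedUp) {
        $result.Cleared = ($log.ClearEventlog().ReturnValue -eq 0)
    }
    $result
}

# Backup only; nothing is cleared without -ClearLog.
Backup-LogSketch -LogName Application
```

Clearing the Security log writes event ID 1102 to the new Security log, and clearing other logs writes event ID 104 to the System log, so scheduled runs with the clear switch should be expected and accounted for in monitoring.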