Wednesday, September 18, 2013

Backing up the system Security event log


Reference: http://jojochen.blog.ithome.com.tw/post/2529/77642
Reference: http://msdn.microsoft.com/en-us/library/aa394593%28v=VS.85%29.aspx

The VBScript is as follows:

=============================

'Declare BackupName (path of the event log backup file) and errBackup (WMI return code)
Dim BackupName, errBackup
Set Fso = CreateObject("Scripting.FileSystemObject")

'Get the current year, month and day
dtmThisDay = Day(Date)
dtmThisMonth = Month(Date)
dtmThisYear = Year(Date)
strBackupName = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay

'Connect to the WMI namespace root\cimv2 with the Backup and Security privileges enabled
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\.\root\cimv2")

'WQL query: select the Win32_NTEventLogFile instance for the Security log
Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile Where LogFileName='security'")
For Each objLogFile in colLogFiles
    BackupName = "c:\" & strBackupName & "_security.evt"
    'If today's backup file already exists, write to a second file name instead
    If Fso.FileExists(BackupName) Then
        BackupName = "c:\" & strBackupName & "_security2.evt"
    End If

    'BackupEventLog returns 0 on success; it fails if the target file already exists
    errBackup = objLogFile.BackupEventLog(BackupName)

    'Clear the log only after a successful backup, so a failed backup never discards events
    If errBackup = 0 Then
        objLogFile.ClearEventLog()
        WScript.Echo "File saved: " & BackupName
    Else
        WScript.Echo "Backup failed (error " & errBackup & "), log not cleared: " & BackupName
    End If
Next

Set colLogFiles = Nothing
Set objWMIService = Nothing
Set Fso = Nothing

=============================

Update:
When running on Windows 2000, the script hit the error SWbemObject: Access denied (存取遭到拒絕).
Change impersonationLevel=impersonate,(Backup) to impersonationLevel=impersonate,(Backup,Security).

