Batch Script to Automate Event Log Backup on Windows

As a dedicated system administrator, it’s imperative to prioritize the efficient management of Windows server event log backups. Ensuring regular backups and secure storage, preferably on an external hard drive or a reliable cloud storage solution, is key. Adopting a daily backup routine and maintaining a backup archive spanning at least one year is crucial for effective troubleshooting and system analysis.

Discover the Ultimate Batch Script for Windows Log Backup and Storage

Advertisement

Step 1: Create Backup Directory

Initiate your backup process by creating a dedicated backup directory. For instance, establish c:\backup for your primary backups and c:\backup\logs specifically for your log files. Feel free to customize the directory structure to align with your backup strategy.

Effortlessly set up your directory structure with these simple command prompt instructions:

mkdir c:\backup 
mkdir c:\backup\logs 

Step 2: Craft an Efficient Backup Script

Now create a batch script, c:\backup\evt-backup.bat, and embed the following script. Modify the BACKUP_PATH as needed to reflect your chosen backup directory.

@echo off
:: Script begins
:: Timestamp Generation

set BACKUP_PATH=c:\backup\logs

:: Date Parsing (Format: Thu 02/28/2013)
set cur_yyyy=%date:~10,4%
set cur_mm=%date:~4,2%
set cur_dd=%date:~7,2%

:: Time Parsing (Format: 11:20:56.39)
set cur_hh=%time:~0,2%
if %cur_hh% lss 10 (set cur_hh=0%time:~1,1%)
set cur_nn=%time:~3,2%
set cur_ss=%time:~6,2%
set cur_ms=%time:~9,2%
 
:: Setting Timestamp Format
set timestamp=%cur_yyyy%%cur_mm%%cur_dd%-%cur_hh%%cur_nn%%cur_ss%%cur_ms%

:: Backup Event Logs
wevtutil epl System %BACKUP_PATH%\system_%timestamp%.evtx
wevtutil epl Application %BACKUP_PATH%\application_%timestamp%.evtx
wevtutil epl Security %BACKUP_PATH%\security_%timestamp%.evtx

:: Delete Old Backups
:: Set the number of days to keep backups
set /a days_to_keep=30

:: Delete files older than the specified number of days
forfiles /p "%BACKUP_PATH%" /s /m *.evtx /d -%days_to_keep% /c "cmd /c del @path"

:: End of Script

During the recent update in script, I have added a section under “Delete Old Backups”. This section uses the forfiles command to identify and delete .evtx files in the backup directory that are older than the specified number of days (days_to_keep). You can adjust the value of days_to_keep to suit your retention policy.

Step 3: Manual Script Execution

Test the script’s efficacy by executing it manually. Launch the Windows command prompt with administrative privileges, navigate to the c:\backup directory, and run the script as follows:

cd c:\backup 
evt-backup.bat 

Verify the creation of the event log backup files post-execution.

Step 4: Automate with Windows Task Scheduler

To ensure seamless and consistent backups, configure this script within the Windows Task Scheduler for automatic execution at regular intervals. A daily backup schedule is typically sufficient for standard system needs.

Thank you for exploring this guide. Implementing this script will significantly enhance your capability to automate Windows log backups, streamlining your system management tasks.