Menu

Batch Script to Backup Windows Server Event Log

Written by , Updated on November 10, 2017
Windows Tutorials , , ,

Being a System administrator, it is your responsibility to backup even logs of your system regularly. Event logs help us for troubleshooting systems. In this tutorial, you will get a simple batch script to take windows event log backups on your Windows system.

Step 1 – Create Backup Directory

Create a backup directory named c:\backup for containing backups and c:\backup\logs for containing log files. You can use your own directory structure for backup.

mkdir c:\backup
mkdir c:\backup\logs

Step 2 – Create Backup Script

Now, create a batch script c:\backup\evt-backup.bat and copy the below script in this batch script. Change the BACKUP_PATH if you are using a different location for backup directory.

rem Script start here
rem Timestamp Generator

set BACKUP_PATH=c:\backup

rem Parse the date (e.g., Thu 02/28/2013)
set cur_yyyy=%date:~10,4%
set cur_mm=%date:~4,2%
set cur_dd=%date:~7,2%

rem Parse the time (e.g., 11:20:56.39)
set cur_hh=%time:~0,2%
if %cur_hh% lss 10 (set cur_hh=0%time:~1,1%)
set cur_nn=%time:~3,2%
set cur_ss=%time:~6,2%
set cur_ms=%time:~9,2%

rem Set the timestamp format
set timestamp=%cur_yyyy%%cur_mm%%cur_dd%-%cur_hh%%cur_nn%%cur_ss%%cur_ms%

wevtutil epl System %BACKUP_PATH%\system_%timestamp%.evtx
wevtutil epl Application %BACKUP_PATH%\application_%timestamp%.evtx
wevtutil epl Security %BACKUP_PATH%\security_%timestamp%.evtx

rem End of Script

Step 3 – Configure Script in Scheduler

Finally, confiugre this script in windows task schedulers to run it automatically on a regular interval.

Thanks for reading this article, I hope this script will help you to take automatically backup of windows logs.

Rahul
Rahul
Connect on Facebook Connect on Twitter Connect on Google+

I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

6 Comments

  1. Avatar sugun Reply to sugun
    January 25, 2019 at 1:08 pm

    Failed to export log Security. Access is denied.

  2. Avatar Rami Reply to Rami
    August 10, 2016 at 2:02 pm

    Hi,
    Thank you for your script,
    I was wondering if i can specify the date, i mean to export the eventlog in last 72 hours as example.?

  3. Avatar Ted Reply to Ted
    February 24, 2016 at 3:54 pm

    I’d like to suggest that for many situations it might be better to use the clear log feature with backup.

    wevtutil cl System /bu:”%BACKUP_PATH%system_%timestamp%.evtx”

    This will create the same backup file as your script, but it will also clear the log so that you are not backing up the same log events the next time.

  4. Avatar rajesh Reply to rajesh
    March 19, 2014 at 11:35 am

    Hi rahul,
    this is very simple and clean …
    in your script, you mentioned about 3 events … but how can we know which event logs we have to observe among around 400 event types … can you suggest …

    • Avatar FA-EF Reply to FA-EF
      February 14, 2019 at 7:36 am

      Hi LEAVE A REPLY
      You can check name of logs in log properties and use Full Name to insert into script.

      Example
      wevtutil epl Microsoft-Windows-PrintService/Operational %BACKUP_PATH%\Operational_%timestamp%.evtx

  5. Avatar Avi Reply to Avi
    November 1, 2013 at 4:25 pm

    Small but very useful script. Thanks for sharing with us….. keep it up

Leave a Reply

All rights reserved. © 2013-2018 TecAdmin.net. This site uses cookies. By using this website you agree our term and services