Being a System administrator, it is your responsibility to backup even logs of your system regularly. Event logs help us for troubleshooting systems. In this tutorial, you will get a simple batch script to take windows event log backups on your Windows system.
Step 1 – Create Backup Directory
Create a backup directory named
mkdir c:\backup mkdir c:\backup\logs
Step 2 – Create Backup Script
Now, create a batch script
rem Script start here rem Timestamp Generator set BACKUP_PATH=c:\backup rem Parse the date (e.g., Thu 02/28/2013) set cur_yyyy=%date:~10,4% set cur_mm=%date:~4,2% set cur_dd=%date:~7,2% rem Parse the time (e.g., 11:20:56.39) set cur_hh=%time:~0,2% if %cur_hh% lss 10 (set cur_hh=0%time:~1,1%) set cur_nn=%time:~3,2% set cur_ss=%time:~6,2% set cur_ms=%time:~9,2% rem Set the timestamp format set timestamp=%cur_yyyy%%cur_mm%%cur_dd%-%cur_hh%%cur_nn%%cur_ss%%cur_ms% wevtutil epl System %BACKUP_PATH%\system_%timestamp%.evtx wevtutil epl Application %BACKUP_PATH%\application_%timestamp%.evtx wevtutil epl Security %BACKUP_PATH%\security_%timestamp%.evtx rem End of Script
Step 3 – Configure Script in Scheduler
Finally, confiugre this script in windows task schedulers to run it automatically on a regular interval.
Hi,
Thank you for your script,
I was wondering if i can specify the date, i mean to export the eventlog in last 72 hours as example.?
I’d like to suggest that for many situations it might be better to use the clear log feature with backup.
wevtutil cl System /bu:”%BACKUP_PATH%system_%timestamp%.evtx”
This will create the same backup file as your script, but it will also clear the log so that you are not backing up the same log events the next time.
Hi rahul,
this is very simple and clean …
in your script, you mentioned about 3 events … but how can we know which event logs we have to observe among around 400 event types … can you suggest …
Small but very useful script. Thanks for sharing with us….. keep it up