Kaseya Community

Save/Clear Event Viewer Log Script

  • Has anyone created or know of a script that can clear a particular Event Viewer log and save the details to a file in a specific location? Specificially, the Security log is the one in question.

    Legacy Forum Name: Save/Clear Event Viewer Log Script,
    Legacy Posted By Username: rhollingsead
  • We have now... Wink

    The following script will use Systernals/Microsoft's PsLogList utility to dump the security event log to security.evt file in specified path (agent temp folder by default) and clear the log.

    You will need to obtain PsLogList.exe (part of PsTools) andplace it in Shared Files on your KServer.

    Note that Step 2 is there to delete any prior security.svt files in target path since it is not automagically overwritten by PsLogList.




    Script Name: Event Log Archive
    Script Description: Use PsLogList utility to dump the Security event log to security.evt and clear entries.

    IF True
    THEN
    Get Variable
    Parameter 1 : 10
    Parameter 2 :
    Parameter 3 : agentTmp
    OS Type : 1
    Delete File
    Parameter 1 : #agentTmp#security.evt
    OS Type : 1
    Write File
    Parameter 1 : #agentTmp#psloglist.exe
    Parameter 2 : VSASharedFilespsloglist.exe
    OS Type : 1
    Execute File
    Parameter 1 : #agentTmp#psloglist.exe
    Parameter 2 : -c -g #agentTmp#security.evt security /accepteula
    Parameter 3 : 3
    OS Type : 1
    Write Script Log Entry
    Parameter 1 : Security event log successfully archived to #agentTmp#security.evt
    OS Type : 1
    Delete File
    Parameter 1 : #agentTmp#psloglist.exe
    OS Type : 1
    ELSE



    -Ed


    Legacy Forum Name: Script Requests,
    Legacy Posted By Username: bellcpa