Event log clearing options in Windows 2003

0

What are the different options for clearing event logs in Windows 2003 other than opening the Event Viewer and clearing the logs one by one interactively? I don't consider PowerShell an option, since that also requires a download.

    
by dhomya 29.08.2014 / 16:30

2 answers

0

You can use VBScript and WMI (both built into Windows)...

This VBS code will try to back up each log to C:\temp and then clear them (if they were backed up successfully):

strComputer = "."
' Connect to WMI on the local machine; BackupEventLog needs the Backup privilege
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Backup)}!\\" & _
        strComputer & "\root\cimv2")

' One Win32_NTEventLogFile instance per event log (Application, System, Security, ...)
Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile")

For Each objLogFile in colLogFiles
    logfileName = objLogFile.LogfileName
    Wscript.Echo "Processing " + logfileName + " log..."
    ' c:\temp must already exist; BackupEventLog returns 0 on success
    errBackupLog = objLogFile.BackupEventLog("c:\temp\" + objLogFile.FileName + ".evt")
    If errBackupLog <> 0 Then
        Wscript.Echo "The " + logfileName + " event log could not be backed up."
    Else
        ' Clear the log only after its backup succeeded
        objLogFile.ClearEventLog()
    End If
Next

Save it to a text file (e.g. LogClear.vbs) and run cscript LogClear.vbs to execute it from a command line.

    
by 29.08.2014 / 16:59
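The backup-then-clear approach from the answer above, as an added example that is not part of the original answer: it writes each run to a new timestamped folder (BackupEventLog fails if the target file already exists), requests the Security privilege needed for the Security log, and clears a log only after its archive is confirmed on disk. The archive root C:\LogArchive is an assumption; run it with cscript as a local administrator.

```vbscript
Option Explicit
Const ARCHIVE_ROOT = "C:\LogArchive"   ' assumed path, not from the original answer

Dim fso, wmi, logs, logFile, stamp, destDir, dest, rc, failures
Set fso = CreateObject("Scripting.FileSystemObject")

' One folder per run, named yyyymmdd-hhmmss, so an earlier archive is never in the way.
stamp = Year(Now) & Right("0" & Month(Now), 2) & Right("0" & Day(Now), 2) & "-" & _
        Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2) & Right("0" & Second(Now), 2)
If Not fso.FolderExists(ARCHIVE_ROOT) Then fso.CreateFolder ARCHIVE_ROOT
destDir = ARCHIVE_ROOT & "\" & stamp
fso.CreateFolder destDir

' Backup privilege: required by BackupEventLog. Security privilege: required for the Security log.
Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\.\root\cimv2")
Set logs = wmi.ExecQuery("Select * from Win32_NTEventLogFile")

failures = 0
For Each logFile In logs
    dest = destDir & "\" & logFile.FileName & ".evt"
    rc = logFile.BackupEventLog(dest)
    If rc <> 0 Then
        ' Non-zero return code: the log is left untouched.
        WScript.Echo logFile.LogfileName & ": backup failed (code " & rc & "), log not cleared"
        failures = failures + 1
    ElseIf Not fso.FileExists(dest) Then
        WScript.Echo logFile.LogfileName & ": archive file missing, log not cleared"
        failures = failures + 1
    ElseIf fso.GetFile(dest).Size = 0 Then
        WScript.Echo logFile.LogfileName & ": archive file is empty, log not cleared"
        failures = failures + 1
    Else
        rc = logFile.ClearEventLog()
        If rc = 0 Then
            WScript.Echo logFile.LogfileName & ": archived to " & dest & " and cleared"
        Else
            WScript.Echo logFile.LogfileName & ": archived, but clear failed (code " & rc & ")"
            failures = failures + 1
        End If
    End If
Next

' Non-zero exit code lets a scheduled task or wrapper script notice partial failure.
If failures > 0 Then WScript.Quit 1
```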
0

Source: ServerFault answer "Save and clear event log" (ServerFault answer by Bart De Vos)

There is a SysInternals-tool you can use for this now called PSLogList. This replaces the EventLog.pl from Windows 2K.

You would need to use the -c option to clear the logs after the command and -g to specify the file. (for some strange reason -g is not in the usage-help).

usage: psloglist [- ] [\\computer[,computer[,...] | @file [-u username [-p password]]] [-s [-t delimiter]] [-m #|-n #|-h #|-d #|-w][-c][-x][-r][-a mm/dd/yy][-b mm/dd/yy][-f filter] [-i ID[,ID[,...] | -e ID[,ID[,...]]] [-o event source[,event source][,..]]] [-q event source[,event source][,..]]] [-l event log file] <eventlog>

@file   Execute the command on each of the computers listed in the file.
-a  Dump records timestamped after specified date.
-b  Dump records timestamped before specified date.
-c  Clear the event log after displaying.
-d  Only display records from previous n days.
-e  Exclude events with the specified ID or IDs (up to 10).
-f  Filter event types with filter string (e.g. "-f w" to filter warnings).
-h  Only display records from previous n hours.
-i  Show only events with the specified ID or IDs (up to 10).
-l  Dump records from the specified event log file.
-m  Only display records from previous n minutes.
-n  Only display the number of most recent entries specified.
-o  Show only records from the specified event source (e.g. "-o cdrom").
-p  Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.
-q  Omit records from the specified event source or sources (e.g. "-q cdrom").
-r  Dump log from least recent to most recent.
-s  This switch has PsLogList print Event Log records one-per-line, with comma delimited fields. This format is convenient for text searches, e.g. psloglist | findstr /i text, and for importing the output into a spreadsheet.
-t  The default delimiter is a comma, but can be overridden with the specified character.
-u  Specifies optional user name for login to remote computer.
-w  Wait for new events, dumping them as they generate (local system only).
-x  Dump extended data
eventlog    eventlog

If you are after a command you can execute remotely, you would need something like this:

psexec \\servername -c psloglist.exe -c -g application.evt application
    
by 29.08.2014 / 16:41