您是否经常碰到在登录系统时“系统日志已满,请清空日志”的警告消息呢?如果您的是终端服务器还可能造成终端用户无法登录等问题,即使将日志存储空间加大也会有满的一天,但是作为一名专业的管理员,服务器的日志又是那么的重要,就算你没时间全部阅读一遍,最起码也要保留一份作为日后排错用。那么以下的小脚本就可以帮你解除这些烦恼:
1:备份并清空系统日志,复制代码另存为SysEvtLog_Clear_bak_C.vbs
- On Error Resume Next
- strYear = Year(Date)
- strMonth = Month(Date)
- If strMonth < 10 Then strMonth = 0 & strMonth
- strDay = Day(Date)
- If strDay < 10 Then strDay = 0 & strDay
- strDate = strYear & strMonth & strDay '得到当前日期
- strLogfileName = strYear & strMonth & strDay
- Set objFSO = CreateObject("Scripting.FileSystemObject")
- strPath = "c:\" '日志保存位置
- strComputer = "."
- Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate,(Backup)}!\\" & strComputer & "\root\cimv2")
- Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile where LogFileName='System'")
- For Each objLogfile in colLogFiles
- objLogFile.BackupEventLog(strPath & "System(" & strLogfileName & ").evt")
- objLogFile.ClearEventLog()
- Next
2:备份并清空应用程序日志,复制代码另存为AppEvtLog_Clear_bak_C.vbs
- On Error Resume Next
- strYear = Year(Date)
- strMonth = Month(Date)
- If strMonth < 10 Then strMonth = 0 & strMonth
- strDay = Day(Date)
- If strDay < 10 Then strDay = 0 & strDay
- strDate = strYear & strMonth & strDay '得到当前日期
- strLogfileName = strYear & strMonth & strDay
- Set objFSO = CreateObject("Scripting.FileSystemObject")
- strPath = "c:\" '日志保存位置
- strComputer = "."
- Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate,(Backup)}!\\" & strComputer & "\root\cimv2")
- Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile where LogFileName='Application'")
- For Each objLogfile in colLogFiles
- objLogFile.BackupEventLog(strPath & "Application(" & strLogfileName & ").evt")
- objLogFile.ClearEventLog()
- Next
3:备份并清空安全日志,复制代码另存为SecEvtLog_Clear_bak_C.vbs
- On Error Resume Next
- strYear = Year(Date)
- strMonth = Month(Date)
- If strMonth < 10 Then strMonth = 0 & strMonth
- strDay = Day(Date)
- If strDay < 10 Then strDay = 0 & strDay
- strDate = strYear & strMonth & strDay '得到当前日期
- strLogfileName = strYear & strMonth & strDay
- Set objFSO = CreateObject("Scripting.FileSystemObject")
- strPath = "c:\" '日志保存位置
- strComputer = "."
- Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate,(Backup, Security)}!\\" & strComputer & "\root\cimv2")
- Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile where LogFileName='Security'")
- For Each objLogfile in colLogFiles
- objLogFile.BackupEventLog(strPath & "Security(" & strLogfileName & ").evt")
- objLogFile.ClearEventLog()
- Next
将上面的脚本设置计划任务,每月最后一天运行即可(自行定义备份频率)。
其中代码
objLogFile.ClearEventLog()
为清空日志,如果只需要备份而不清空日志的话删除此行即可。
本文转自yangye1985 51CTO博客,原文链接:http://blog.51cto.com/yangye/265076,如需转载请自行联系原作者
