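# Jonathan Dyer X-XXXX,
# Written to take input of list of servers in eventlogs_in.txt and backup the
# event logs to \\XXXXXXX\EVENTLOGS\SERVER\LOGNAME\DATE
#
# For every server named in eventlogs_in.txt (one name per line) the
# Application, System and Security logs are backed up to
# //SERVER/c$/temp/LOGNAME/DATE.evt and then copied to the central share.
# Failures are appended to backuperrors.log on that share.
#
# The backups, the Security log in particular, hold audit data: access to the
# central share and to the c$/temp staging directories should be limited to
# the accounts that run and review these backups.
use strict;
use warnings;
use Win32::EventLog;
use File::Copy;

my $share_root = '//XXXXXXX/eventlogs';
my $error_log  = "$share_root/backuperrors.log";

# NOTE(review): the statement that opens the server list and starts the read
# loop was garbled in the published listing; it is reconstructed here from the
# header comment, which names eventlogs_in.txt. The path is assumed to be
# relative to the working directory -- confirm.
open(my $in, '<', 'eventlogs_in.txt')
    or die "eventlogs_in.txt cannot be read ($!). Stopping.";

SERVER:
while (my $server = <$in>) {
    my $line_no = $.;
    $server =~ s/\A\s+|\s+\z//g;    # drops the newline and any stray CR/blanks
    next SERVER if $server eq '';

    # e.g. "Jan-5-2024": month, day and year fields of scalar(localtime).
    my $date = join('-', (split(/\s+/, scalar(localtime)))[1, 2, 4]);

    # 'or' rather than '||': with '||' the die was bound to the file name
    # string and could never fire when the log could not be opened.
    open(my $out, '>>', $error_log)
        or die "BackupErrors.log cannot be written. Stopping.";
    print {$out} "$date\n";

    # The name is spliced into UNC paths below, so accept only characters
    # that can appear in a host name. Anything else (slashes, "..", quotes)
    # would redirect the mkdir/copy calls to an unintended location.
    if ($server =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/) {
        print "\n$server\n";
        backup_server($server, $date, $out);
    }
    else {
        print {$out}
            "ERR: Skipping invalid server name on line $line_no of eventlogs_in.txt\n";
    }

    print {$out} "----------\n";
    close $out;
}
close $in;

# Back up the three event logs of one server and copy them to the share.
#   $server - validated host name
#   $date   - date string used as the backup file name
#   $out    - open handle of the error log; every failure is written there
sub backup_server {
    my ($server, $date, $out) = @_;
    my $remdir = "$share_root/$server";

    EVENTLOG:
    for my $eventlog ('Application', 'System', 'Security') {
        print "\t$eventlog";
        my $locdir = "//$server/c\$/temp/$eventlog";
        my $dest   = "$locdir/$date.evt";
        my $final  = "$remdir/$eventlog/$date.evt";

        if (!-e $locdir) {
            mkdir($locdir)
                or print {$out} "ERR: Can't create local log directory on $server: ($^E)\n";
        }
        if (!-e $remdir) {
            mkdir($remdir)
                or print {$out} "ERR: Can't create $remdir: ($^E)\n";
        }
        if (!-e "$remdir/$eventlog") {
            mkdir("$remdir/$eventlog")
                or print {$out} "ERR: Can't create $remdir/$eventlog: ($^E)\n";
        }

        # Both the staging and the destination directory must exist.
        next EVENTLOG unless -e "$remdir/$eventlog" && -e $locdir;

        my %event = (
            'Computer',  "$server",
            'EventID',   '777',
            'EventType', EVENTLOG_INFORMATION_TYPE,
            'Category',  'None',
            'Strings',   "The $eventlog Event log was backed up to $remdir.",
            'Data',      "The $eventlog Event log was backed up.",
        );

        # Previously a failed new() left the return value of print in
        # $handle, and the method calls below then died on a non-object.
        my $handle = Win32::EventLog->new($eventlog, "\\\\$server");
        unless ($handle) {
            print {$out} "ERR: Can't read $eventlog EventLog on $server:($^E)\n";
            next EVENTLOG;
        }

        my $ok = $handle->Backup($dest);
        print {$out}
            "ERR: Could not backup the $eventlog EventLog on $server to $dest ($^E)\n"
            unless $ok;

        # Left disabled as in the original. If clearing is ever enabled it
        # should run only after the copy below has been verified.
        #$handle->Clear($dest) || print OUT "ERR: Could not clear the $eventlog EventLog on $server:($^E)\n";

        if ($ok) {
            $ok = copy($dest, $final);
            print {$out}
                "ERR: Couldn't Copy $eventlog Log on $server from $dest to $remdir/$eventlog:($!)\n"
                unless $ok;
        }

        # Record event 777 only once the backup really is on the share, so
        # the audit trail never claims a backup that did not happen.
        # String comparison is required here: the original numeric '=='
        # compared 0 with 0 for every log name, so the event was never
        # written at all. Writing to the Security log is not allowed.
        if ($ok && $eventlog ne 'Security') {
            $handle->Report(\%event)
                or print {$out} "ERR: Could not write to the $eventlog event log:($^E)\n";
        }
        $handle->Close;

        # Left disabled as in the original: the staging copy stays in
        # c$/temp on the server, so that directory needs the same access
        # restrictions as the central share.
        #unlink "$dest";
    }
    return;
}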