W2KSG: Backup Event Log

We have see how to modify event log properties - lets look at backing them up and clearing out the entries. Preferably in that order.

Listing 12.5

$log = Get-WmiObject -Class Win32_NTEventLogFile -Filter  "LogFileName = 'Application'"
$ret = $log.BackupEventLog("c:\test\applog.evt")
if ($ret.returnvalue -eq 0){$log.ClearEventLog()}
else {Write-Host "could not back up log file"}

Start by getting the event log via WMI as we did before.

We can then backup up the event log to a file.  The return value equals zero if everything works. Any other value is an error. We can check the return value and if it is then we clear the log otherwise we get an error message.


