W2KSG: Triggered Event Log backups

We have seen how to back up and clear the event log. What about checking all of the event logs and doing a backup and clear if they have reached a certain size?

Listing 12.6

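Get-WmiObject -Class Win32_NTEventLogFile | Where {$_.FileSize -gt 10MB} | Foreach {
    $file = "c:\test\" + $_.LogFileName + ".evt"
    $_.BackupEventLog($file)    # back up the log to the .evt file
    $_.ClearEventLog()          # then clear the log, as before
}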
Use Get-WmiObject to get the event log information and check the file size. I love being able to just put 10MB as the comparison; it just makes life so much easier. For any log that comes through the filter, we can then perform a backup and clear the event log as before.

The comparison could be on NumberOfRecords instead of file size if you want to back up after a certain amount of activity.
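The NumberOfRecords variant as an added example (not the original listing), which also clears a log only after its backup has reported success, so a failed backup never costs you audit records. The 50000-record threshold and the timestamped file names are assumptions; c:\test is the folder used above and must already exist.

```powershell
# Added example: trigger on record count, clear only after a verified backup.
$threshold = 50000          # assumed value; tune to your own log volume
$folder    = 'c:\test'      # backup folder from the listing above
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'

# -EnableAllPrivileges enables the caller's privileges (backup, security)
# for the WMI call; run from an elevated session to reach the Security log.
Get-WmiObject -Class Win32_NTEventLogFile -EnableAllPrivileges |
    Where-Object { $_.NumberOfRecords -gt $threshold } |
    ForEach-Object {
        # Timestamped name: the backup fails if the target file already exists.
        $file = Join-Path $folder ("{0}-{1}.evt" -f $_.LogFileName, $stamp)

        $backup = $_.BackupEventLog($file)
        if ($backup.ReturnValue -ne 0) {
            Write-Warning "Backup of $($_.LogFileName) failed (code $($backup.ReturnValue)); log NOT cleared"
            return   # move on to the next log, leaving the records in place
        }

        $clear = $_.ClearEventLog()
        if ($clear.ReturnValue -ne 0) {
            Write-Warning "Backup OK but clear of $($_.LogFileName) failed (code $($clear.ReturnValue))"
        }
        else {
            "{0}: {1} records backed up to {2}" -f $_.LogFileName, $_.NumberOfRecords, $file
        }
    }
```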


