Backup and clear remote event logs

[Settings_Begin]
BatchSettings.Delimiter=TAB
BatchSettings.MarkerCol=5
//BatchSettings.Debug=Yes

SET Log=%col1%

SET RemoteBackupFilePath=c:\winnt\
SET MoveFilePath=%servername%\admin$\
SET LogSuffix=%date%
SET LocalLogDir=c:\logs\
[Settings_End]

[Machines_Begin]
\\EDU8      NT PDC    
\\MAIN02      NT PDC    
[Machines_End]

[Batch_Begin]
Data.Loop   
 // Backup log on remote machine (Not possible to create backup file on a share)   
 EventLog.Backup %servername%,%Log%,%RemoteBackupFilePath%,%LogSuffix%   
   
 // Move log backup file to local machine through default admin$ share   
 DOS move "%MoveFilePath%%servername2%,%Log%,%LogSuffix%.evt" %LocalLogDir%   
   
 // Clear event log   
 EventLog.Clear %servername%,%Log%   
Data.EndLoop   
[Batch_End]

[Data_Begin]
Application            
Security            
System            
Directory Service            
DNS Server            
File Replication Service            
[Data_End]

What the script does

·	Backup and clear all event (including Windows 2000 and 2003 server specific) logs on \\edu8 and \\main02

·	Move log files to local directory

What to modify in the example

·	[Machines]: replace listed machines with your servers / workstations

·	[Data]: edit list of logs to backup / clear

·	[Settings]: LocalLogDir - local log file directory (please remember to create this directory before running the script)

How to read archived logs

·	Use the file or dir check box in the NTinfo event log reader to read archived logs. (All log source machines must be switched on.)