保存(并清除)Windows事件日志

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了保存(并清除)Windows事件日志相关的知识,希望对你有一定的参考价值。

Uses the sysinternals (microsoft) utility PsLogList to save specified event logs to files and then clears them. Method can be used to save logs as .evt and .evtx. This script has four event logs listed as an example and has a template command commented. Tested on a local windows 7 machine, but should work for xp, server 2k3 and 2k8.
  1. @echo off
  2. @cls
  3. ::Originally written by the user wesil on spiceworks.com
  4. ::Modified by Rectifier 06-30-2012
  5. ::This batch requires you to download the sysinternals (microsoft) utility psloglist
  6. ::Try http://technet.microsoft.com/en-us/sysinternals or google psloglist
  7.  
  8. ::Tested on a local machine using psloglist.exe version 2.71 on Windows 7 x64 Home Premium
  9. ::Use the ping command to wait from XP onward, timeout works for server 2k3
  10. ::The -g switch only works after the -c switch; this saves the log to file and clears it
  11.  
  12. ::You can change the file extension from evt (older) to evtx (newer) and vice versa
  13.  
  14. ::Change pstooldir to where psloglist.exe is located
  15. set pstooldir=C:PSTools
  16. cd /d %pstooldir%
  17. ::Error handling
  18. if not exist psloglist.exe goto ERR0
  19. if not exist "Event Logs" md "Event Logs"
  20. if not exist "Event Logs" goto ERR1
  21. ::Change logdir to where you want to save the event logs
  22. set logdir=C:Event Logs
  23. ::Template command for saving an event log:
  24. ::psloglist.exe -s -c -g "yourdirfilename %date:~4,2%-%date:~7,2%-%date:~10,4%.extension" "log name"
  25. ::Saved files appear as "filename MM-DD-YYYY.extension" without quotations
  26.  
  27. ::Exports to file and then clears the following event logs
  28. psloglist.exe -s -c -g "%logdir%Security %date:~4,2%-%date:~7,2%-%date:~10,4%.evtx" Security
  29. psloglist.exe -s -c -g "%logdir%Application %date:~4,2%-%date:~7,2%-%date:~10,4%.evtx" Application
  30. psloglist.exe -s -c -g "%logdir%System %date:~4,2%-%date:~7,2%-%date:~10,4%.evtx" System
  31. psloglist.exe -s -c -g "%logdir%Internet Explorer %date:~4,2%-%date:~7,2%-%date:~10,4%.evtx" "Internet Explorer"
  32. goto end
  33.  
  34. :ERR0
  35. echo. & echo.
  36. echo psloglist.exe not found !
  37. ping 127.0.0.1 -n 2 >nul
  38. goto emd
  39.  
  40. :ERR1
  41. echo. & echo.
  42. echo Can't create folder "Event Logs"
  43. ping 127.0.0.1 -n 2 >nul
  44. goto end
  45.  
  46. :end
  47. ::Uncomment the pause to view the output before ending the batch file
  48. ::pause
  49. exit /b

以上是关于保存(并清除)Windows事件日志的主要内容,如果未能解决你的问题,请参考以下文章

清除Windows 7事件日志

安装oracle11的时候 提示ORA-28056 未能将审计记录写入windows事件日志,这是怎么回事啊

ClearCallLog 不更新列表视图

清除TortoiseGit在Windows中保存的密码

清除TortoiseGit在Windows中保存的密码

保存事件类型日志