PowerShell Function to Backup Event Logs for Windows Servers (Backup-EventLogs)

by | Dec 16, 2014 | PowerShell Scripting, Sample Scripts | 0 comments

Backup-EventLogs  advanced PowerShell Function backs up Event logs for a single server, list of servers or servers in a text file. The function supports event logs backup for Windows Server 2003 (.evt); Windows Server 2008 and Windows Server 2012 (.evtx).

Requirements

  1. At least PoWerShell 2.0 on all servers you wish to backup and the PC you are running the function.
  2. WinRM service running and configured to accept remote connections
  3. Full administrative privileges for the account used to run the function.
  4. A folder share to store event logs backed up. The user running Backup-EventLogs function MUST have rights to create folders and files on the share.

Functionalities / Features

  1. The function has the following features:
  2. Supports event logs backup for Windows Server 2003 (.evt); Windows Server 2008 and Windows Server 2012 (.evtx).
  3. Can backup event logs on a single server or a list of servers separated in periods or a list of servers in a text file.
  4. Support backup of a single event loge for example Application, security; or backup of all event logs of a server or list of servers.
  5. Allows you to backup all event logs in a central location – The function creates a folder for each server in the backup location; it also creates a folder with the date of the backup under the server name.
  6. Supports the cleanup of older log files from the central backup location. This is an optional feature. Ensures that older log files can be deleted based on number of days.
  7. Support clearing of events logs after it has been successfully backed up and copied into the central backup location.
  8. Displays tasks performed as function is running. This will help you troubleshooting and error handling. It also logs errors in a folder called Errorlogs in the BackUpLocation folder specified.
  9. Checks that a server is online before it attempts to back up the event log. If server is offline, it skips it; if server is online, it checks that WinRM service is running and configured to accept connections. If WinRM service is not accepting connections, the server is skipped.
  10. Includes a function Backup-EventLogsSchedule that can be scheduled to run automatically using Windows Task Scheduler.
  11. Includes full help and examples
To download the function and accompanying documents and files, click download Backup-EventLogs.zip

Leave a Reply