Created
December 5, 2016 12:45
-
-
Save kemokemo/bf6342c0703edfd23d5cf472230977a9 to your computer and use it in GitHub Desktop.
This vbscript collects all of the windows event logs in the binary (*.evt) format.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' default path to collect event log. | |
| path = "C:\path\to\eventlog" | |
| ' arg0 is path | |
| Dim oParam | |
| set oParam = WScript.Arguments | |
| If oParam.Count > 0 Then | |
| path = oParam(0) | |
| End If | |
| ' collecting event log... | |
| strComputer = "." | |
| Set objWMIService = GetObject("winmgmts:" _ | |
| & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _ | |
| & strComputer & "\root\cimv2") | |
| Set colLogFiles = objWMIService.ExecQuery _ | |
| ("SELECT * FROM Win32_NTEventLogFile") | |
| For Each objLogfile in colLogFiles | |
| strBackupLog = objLogFile.BackupEventLog _ | |
| (path & "\" & objLogFile.LogFileName & ".evt") | |
| Next |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment