Hey i found a script (if you are reading an wrote this thanks)
# Config
$logFileName = "Security" # Add Name of the Logfile (System, Application, etc)
$path = "e:\seclogs\" # Add Path, needs to end with a backsplash
# do not edit
$exportFileName = "servername" + $logFileName + (get-date -f yyyyMMdd) + ".evt"
$logFile = Get-WmiObject Win32_NTEventlogFile | Where-Object {$_.logfilename -eq $logFileName}
$logile.PSBase.Scope.Options.EnablePrivileges=$True
$logFile.backupeventlog($path + $exportFileName)
I am trying to run it on a windows 2003 file server to get the security logs daily for auditing purposes. I keep getting the errors listed below:
Property 'EnablePrivileges' cannot be found on this object; make sure it exists and is settable.
At C:\ps\BackupSecurityLog.ps1:8 char:30
+ $logile.PSBase.Scope.Options. <<<< EnablePrivileges=$True
+ CategoryInfo : InvalidOperation: (EnablePrivileges:String) [], RuntimeException
+ FullyQualifiedErrorId : PropertyNotFound
Exception calling "BackupEventlog" : "Access denied "
At C:\ps\BackupSecurityLog.ps1:9 char:24
+ $logFile.backupeventlog <<<< ($path + $exportFileName)
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WMIMethodException
Can someone please help me write this? I can't believe exporting event logs would be so painful....