Background
I wrote this to take a list of servers from a text file, and back up their event logs to .evt files in a central location. I am running the script from a Win2000 Server against a mix of 2000 and NT4 servers, and for 80% of them there is no problem.
Problem
- For eventlogs over 300MB, the script backs up a 1KB file. When opened, the log file is blank, but will say 1.8 million records. Manual backing up will back up the full 300 MB.
- For NT4 Servers, I am getting "Access is Denied" when trying to back up the logs. I can back up the eventlogs manually with the same account used by the script.
What I've Tried
Tried different accounts, waded through ActiveState mailing lists, upgraded the ActiveState build from 631 to 633, searched Google, begged, pleaded, and sacrificed two goats.
The Code
# Jonathan Dyer X-XXXX,
# Written to take input of list of servers in eventlogs_in.txt and back up the
# event logs to \\XXXXXXX\EVENTLOGS\SERVER\LOGNAME\DATE
use strict;
use Win32::EventLog;
use File::Copy;

open IN, "<//XXXXXXX/c\$/scripts/eventlogs/eventlogs_in.txt"
    or die "eventlogs_in.txt cannot be read: $!";
while (<IN>) {
    chomp;
    my $server = $_;
    print "\n$server\n";
    my ($date) = join("-", ((split(/\s+/, scalar(localtime)))[1,2,4]));
    my $remdir = "//XXXXXXX/eventlogs/$server";
    # 'or' binds looser than '||', so the die now applies to open()
    # rather than to the (always true) filename string.
    open OUT, ">>//XXXXXXX/eventlogs/backuperrors.log"
        or die "BackupErrors.log cannot be written. Stopping.";
    print OUT "$date\n";
    for my $eventlog ("Application", "System", "Security") {
        print "\t$eventlog";
        my $locdir = "//$server/c\$/temp/$eventlog";
        my $dest   = "$locdir/$date.evt";
        # Create the working and destination directories if they are missing
        if (!-e $locdir) {
            mkdir($locdir)
                or print OUT "ERR: Can't create local log directory on $server: ($^E)\n";
        }
        if (!-e $remdir) {
            mkdir($remdir)
                or print OUT "ERR: Can't create $remdir: ($^E)\n";
        }
        if (!-e "$remdir/$eventlog") {
            mkdir("$remdir/$eventlog")
                or print OUT "ERR: Can't create $remdir/$eventlog: ($^E)\n";
        }
        if ((-e "$remdir/$eventlog") && (-e $locdir)) {
            my %event = (
                'Computer',  $server,
                'EventID',   '777',
                'EventType', EVENTLOG_INFORMATION_TYPE,
                'Category',  'None',
                'Strings',   "The $eventlog Event log was backed up to $remdir.",
                'Data',      "The $eventlog Event log was backed up.",
            );
            # Check the handle before using it; with '|| print' a failed
            # new() left $handle holding print's return value.
            my $handle = Win32::EventLog->new($eventlog, "\\\\$server");
            unless ($handle) {
                print OUT "ERR: Can't read $eventlog EventLog on $server:($^E)\n";
                next;
            }
            $handle->Backup($dest)
                or print OUT "ERR: Could not backup the $eventlog EventLog on $server to $dest ($^E)\n";
            #$handle->Clear($dest) || print OUT "ERR: Could not clear the $eventlog EventLog on $server:($^E)\n";
            # Needed b/c writing to Security log is not allowed.
            # String comparison needs 'eq'; '==' compared both names as 0.
            unless ($eventlog eq "Security") {
                $handle->Report(\%event)
                    or print OUT "ERR: Could not write to the $eventlog event log:($^E)\n";
            }
            $handle->Close;
            copy($dest, "$remdir/$eventlog/$date.evt")
                or print OUT "ERR: Couldn't Copy $eventlog Log on $server from $dest to $remdir/$eventlog:($!)\n";
            #unlink "$dest";
        }
    }
    print OUT "----------\n";
    close OUT;
}
close IN;
Any ideas are welcome. I'm ready to scrap this and go with a co-worker's C-Solution, but it would be a shot to Perl here.
Thanks.
-OzzyOsbourne