Advanced Search

Return to Snippet

Revision: 58201
at July 1, 2012 03:54 by Rectifier
Initial Code 
@echo off
@cls
::Originally written by the user wesil on spiceworks.com
::Modified by Rectifier 06-30-2012
::This batch requires you to download the sysinternals (microsoft) utility psloglist
::Try http://technet.microsoft.com/en-us/sysinternals or google psloglist

::Tested on a local machine using psloglist.exe version 2.71 on Windows 7 x64 Home Premium
::Use the ping command to wait from XP onward, timeout works for server 2k3
::The -g switch only works after the -c switch; this saves the log to file and clears it

::You can change the file extension from evt (older) to evtx (newer) and vice versa

::Change pstooldir to where psloglist.exe is located
set pstooldir=C:\PSTools
cd /d %pstooldir%
::Error handling
if not exist psloglist.exe goto ERR0
if not exist "Event Logs" md "Event Logs"
if not exist "Event Logs" goto ERR1
::Change logdir to where you want to save the event logs
set logdir=C:\Event Logs
::Template command for saving an event log:
::psloglist.exe -s -c -g "yourdir\filename %date:~4,2%-%date:~7,2%-%date:~10,4%.extension" "log name"
::Saved files appear as "filename MM-DD-YYYY.extension" without quotations

::Exports to file and then clears the following event logs
psloglist.exe -s -c -g "%logdir%\Security %date:~4,2%-%date:~7,2%-%date:~10,4%.evtx" Security
psloglist.exe -s -c -g "%logdir%\Application %date:~4,2%-%date:~7,2%-%date:~10,4%.evtx" Application
psloglist.exe -s -c -g "%logdir%\System %date:~4,2%-%date:~7,2%-%date:~10,4%.evtx" System
psloglist.exe -s -c -g "%logdir%\Internet Explorer %date:~4,2%-%date:~7,2%-%date:~10,4%.evtx" "Internet Explorer"
goto end

:ERR0
echo. & echo.
echo psloglist.exe not found !
ping 127.0.0.1 -n 2 >nul
goto emd

:ERR1
echo. & echo.
echo Can't create folder "Event Logs"
ping 127.0.0.1 -n 2 >nul
goto end

:end
::Uncomment the pause to view the output before ending the batch file
::pause
exit /b
Initial URL 









Initial Description





Uses the sysinternals (microsoft) utility PsLogList to save specified event logs to files and then clears them. Method can be used to save logs as .evt and .evtx. This script has four event logs listed as an example and has a template command commented. Tested on a local windows 7 machine, but should work for xp, server 2k3 and 2k8.









Initial Title





Save (and clear) Windows Event Logs









Initial Tags





event, windows









Initial Language





DOS Batch