自动备份多台服务器System Event Log解决方案

审计需要备份公司多台Windows2000/2003成员服务器（DC在总部），并将其并入公司的数据自动备份方案中。
1. 考虑先用脚本实现备份过程，文件名eventlogsbackup.vbs.(脚本如下，其中需维护一服务器清单)
2. 建立一批文件Eventlogsbackup.bat, 包含语句cscript eventlogsbackup.vbs
3. Schedule a task 来用你的域帐户RunAs运行此批文件,当然之前你必须将此域帐号加入到能读写系统Event的用户组中.（用这种方法，你的域帐户的密码不用担心是明文而被看到）
4. 运行此任务，所有的服务器的Event logs数据将被集中备份到一点。

On Error Resume Next
Dim strDate
centralDumpPath = "\\Dserver\Eventlogs\"
RemoteDumpPath = "C:\EventLogs\"
arrLogs=Array("Application","System","Security")
Set oFS = CreateObject("Scripting.FileSystemObject")
Set WshShell = WScript.CreateObject("wscript.shell")
Set oTS = oFS.OpenTextFile("C:\EventLogs\serverlist.txt")
arrComputers=Split(Trim(oTS.ReadAll),VbCrLf)
oTS.Close
For Each sComputer In arrComputers
  if Len(sComputer)>0 Then 'skip any blank lines
      For Each strLog In arrLogs
          strDate = CStr(Date())
          strDate = Replace(strDate, "/", "-")
          remoteDumpFile =  UCase(sComputer) &_
           "-" & strLog & "-" & strDate & ".evt"  
          rc=BackupLog(strLog,remoteDumpPath & remoteDumpFile,sComputer)
              If rc(0)=0 Then
               strSource="\\" & sComputer & "\" & Replace(remoteDumpPath &_
                remoteDumpFile, "C:", "C$")
               strDestination=centralDumpPath & sComputer &_
                "\" & remoteDumpFile
               MoveFile strSource,strDestination
              Else
               Wscript.Echo "Couldn't get log " & strLog & " from " & sComputer &_
                ".  Error code: " & rc(0) & " " & rc(1)
              End If
      Next
    End If
Next
WScript.Quit

Function BackupLog(sLog,sFile,sComputer)
On Error Resume Next
Set oFS = CreateObject("Scripting.FileSystemObject")
If oFS.FileExists(sFile) Then oFS.DeleteFile sFile,True
 Set oWMIService = GetObject("winmgmts:" _
 & "{impersonationLevel=impersonate,(Security,Backup)}!\\" & _
 sComputer & "\root\cimv2")
Set cLogFiles = oWMIService.ExecQuery _
 ("Select * from Win32_NTEventLogFile where " & _
 "LogFileName='" & sLog & "'")
If cLogFiles.Count =0 Then
    BackupLog=Array("-1","Nothing to backup for event log " & sLog)
    Exit Function
End If
 For Each oLogfile in cLogFiles
   WScript.Echo "Creating " & sFile
    oLogFile.BackupEventLog(sFile)
  If Err.number=0 Then
    BackupLog=Array(0,"Successfully backed up " & sLog & " to " & sFile)
    wshshell.LogEvent 0, "Successfully backed up " & sLog & " log to " & sFile
   'no error - safe to clear the Log
   'WScript.Echo "Clearing event log " & strLog & " on " & sComputer
   'wshshell.LogEvent 0, "Clearing event log of " & strLog & " on " & sComputer
    'Uncomment the next line to actually clear the log. I have it
    'commented out for test purposes
   'oLogFile.ClearEventLog()
  Else
    BackupLog=Array(Err.Number,Err.Description)
    wshshell.LogEvent 0, "Failure on backed up " & sLog & " log to " & sFile
  End If
Next
End Function

Function MoveFile(strSource,strDestination)
On Error Resume Next
Set oFS = CreateObject("Scripting.FileSystemObject")
strParentFolder = oFS.GetParentFolderName(strDestination)
   If oFS.FolderExists(strParentFolder)=False Then
    WScript.Echo "Creating " & strParentFolder
    oFS.CreateFolder strParentFolder
        If Err.Number<>0 Then
            WScript.Echo "Failed to create " & strParentFolder
            Exit Function
        End If
   End If
    WScript.Echo "Copying " & strSource & " to " & strDestination
    oFS.CopyFile strSource,strDestination,True
    If Err.Number=0 Then oFS.DeleteFile strSource
End Function