Can event logs be backed up and cleared when they are full? (NETIQKB920)

  • 7700920
  • 02-Feb-2007
  • 08-Aug-2007


Operations Manager 3.30

Security Manager 3.30

Security Manager 3.30 SP1

Security Manager 3.40

Security Manager 3.50


Yes, both Operations and Security Manager include a rule that will allow you to do this. This rule must be customized and can be found at the following location:

Microsoft Windows Security | Windows NT 4.0 Security Events - All Computers | Windows Security Shared rules | Windows Security Scripts | Security: Script -- Backup EventLog (Customize)

This script backs up the Windows event log specified in the parameters. By default, the Security log is backed up once a week. However, the parameters of the rule can be modified to back up other event logs and allow flexibility in scheduling the backup. This script can be run at a scheduled interval using the timed event provider, or it can be run in response to an event.

If, in addition to backing up the event log, you would also like to clear it, use the "Clear EventLog" script.

The script has the following parameters:
  • ComputerName: This parameter is the name of the computer on which to back up the event log specified in the EventLogName parameter.
  • DeleteFilesOlderThan: This parameter indicates the number of days that event log backups should be stored. All event log backups of type EventLogName that are older than the number of days specified in this parameter will be removed. Setting this parameter saves you from having to remove files manually at intervals to free disk space. Note that if an error occurs while backing up the event log, old event log files will not be deleted.
  • EventLogName: This parameter indicates the name of the event log to be backed up. Valid event logs are: Application, Security, System, Directory Service, DNS Server, and File Replication Service. If EventLogName does not exist on the computer that is specified in ComputerName, then the Application log will be backed up by default.
  • OutputFolderName: This parameter indicates the location in which the backup file should be stored. An output folder must be specified. If you wish to copy the backups to a central file server, the Operations Manager or Security Manager service account must have write permissions to the specified share.
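
The parameter behaviour described above, sketched as an added Windows PowerShell 5.1 example; this is not the NetIQ rule script. It uses the WMI class Win32_NTEventlogFile, and the file naming scheme, the default retention value and the assumption that OutputFolderName resolves to the same folder on the target computer and on the computer running the script are choices of this example.

```powershell
# Added illustration, not the NetIQ rule script. Parameter names mirror the article.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [string]$EventLogName = 'Security',
    [int]$DeleteFilesOlderThan = 30,                  # retention in days (constructed default)
    [Parameter(Mandatory)][string]$OutputFolderName   # an output folder must be specified
)

function Get-LogFile([string]$Name) {
    # -EnableAllPrivileges lets WMI use the privileges needed for the Security log.
    # Matching in Where-Object keeps the log name out of the WQL query text.
    Get-WmiObject -Class Win32_NTEventlogFile -ComputerName $ComputerName -EnableAllPrivileges |
        Where-Object { $_.LogFileName -eq $Name }
}

$log = Get-LogFile $EventLogName
if (-not $log) {
    # Article: a log name that does not exist falls back to the Application log.
    Write-Warning "Log '$EventLogName' not found on $ComputerName; backing up Application."
    $EventLogName = 'Application'
    $log = Get-LogFile $EventLogName
}

# One archive per run. Prefix and extension are assumptions of this example
# (use .evtx on Windows Vista and later).
$prefix = ($EventLogName -replace '\s', '') + '_' + $ComputerName + '_'
$target = Join-Path $OutputFolderName ($prefix + (Get-Date -Format 'yyyyMMdd-HHmmss') + '.evt')

# BackupEventlog copies the log to a file and returns 0 on success; it does not clear the log.
$result = $log.BackupEventlog($target)
if ($result.ReturnValue -ne 0) {
    # Article: if the backup fails, old backups are not deleted.
    Write-Error "Backup of '$EventLogName' failed (WMI return code $($result.ReturnValue)); old files kept."
    exit 1
}

# Remove only backups of this log type that are past the retention window.
$cutoff = (Get-Date).AddDays(-$DeleteFilesOlderThan)
Get-ChildItem -Path $OutputFolderName -Filter ($prefix + '*.evt') |
    Where-Object { $_.LastWriteTime -lt $cutoff } |
    Remove-Item -Verbose
```

Restricting write and delete rights on the output folder to the account that runs the backup keeps archived Security logs from being altered after the fact.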

Additional Information

Formerly known as NETIQKB920