How to Automatically Backup Windows Event Logs

In this tutorial, I will explain a simple process to automatically back up Windows event logs. If for some reason you want to keep a backup of Windows Event Logs, you can easily do that with the combination of PowerShell and Task Scheduler. To back up the event logs of a Windows client or Windows Server, you can use the PowerShell script that I have mentioned below.

The name of the script is WindowsLogExporter.ps1 and it can easily back up Windows Event logs to any location on the PC. It uses CSV as the format for the exported logs. This script can export all the Windows logs as well as their event types. You can define what kind of events you want to back up and then schedule it. The schedule itself is up to you; I have used 1 week in this post, but you can change it to something else.

How to Automatically Backup Windows Event Logs

How to Automatically Backup Windows Event Logs?

To automate backing up Windows logs, we can use a simple PowerShell script and schedule it. It is very simple to run, and scheduling it is just a one-time job.

So, let’s just get started.

Download the script from this GitHub Gist, then open it in any text editor, or simply open it with Notepad.

WindowsLogExporter

Now, in the script, you have to replace the hostname with yours. But first, find out what your hostname is. For that, paste this command into the Windows Run dialog, which you can launch with the Win+R shortcut. Copy the hostname that appears in the Terminal/CMD window.

cmd /k hostname

Find Computer Hostname

Come back to the Notepad window in which you have opened the script file. Jump to line number 6, which has the code “Set-Variable -Name CompArr -Value“. In the parentheses, replace “HOSTNAME” with the hostname that you copied from CMD in the step above. Make sure to enclose it in double quotes.

Update Hostname in PS Script

By default, this script targets the Application and System logs. If you want to add more, you can just extend the list and separate the different logs with commas. And again, don’t forget to enclose each log name in double quotes.

Update Windows Log Name in PS Script

The last thing that you have to define in the script is the path where it will save the backed-up logs.

Update Windows Log Backup Location in PS Script

Save the script to some safe location. Let’s say you save it in the “D:/Logs” folder.

WindowsLogExporter.ps1 save on PC

Now, create a scheduled task. For that, open PowerShell with administrator rights.

Run PowerShell as Administrator

Paste all of this code into the terminal and hit Enter. If your script is saved at some other location, you need to modify the “-File” parameter accordingly.

# Trigger: every Monday at 7:00 AM (the weekly schedule used in this post)
$trigger=New-JobTrigger -Weekly -At "7:00AM" -DaysOfWeek "Monday"
# Command the job runs; adjust the -File path if the script lives elsewhere
$action="PowerShell.exe -ExecutionPolicy ByPass -File d:\Logs\WindowsLogExporter.ps1"
# Wrap the command string in a script block so the scheduled job can execute it
$sb=[Scriptblock]::Create($action)
# Register the job; it appears in Task Scheduler under Microsoft\Windows\PowerShell\ScheduledJobs
Register-ScheduledJob -Name "Export Logs" -ScriptBlock $sb -Trigger $trigger
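For reference, here is a minimal exporter in the same shape the steps above describe: a hostname array set with Set-Variable, a list of log names, and a backup folder, writing one CSV per log. This is an added example written for this article, not the WindowsLogExporter.ps1 gist itself; the variable names LogArr, BackupDir and Days, the 7-day window (matching the weekly schedule) and the SHA-256 manifest are my assumptions.

```powershell
# Added example exporter (not the gist from the article). Edit these four values.
Set-Variable -Name CompArr   -Value @("HOSTNAME")                # replace with your hostname(s)
Set-Variable -Name LogArr    -Value @("Application", "System")   # logs to back up
Set-Variable -Name BackupDir -Value "D:\Logs\Backup"             # where the CSV files go
Set-Variable -Name Days      -Value 7                            # assumed: export the last 7 days

if (-not (Test-Path $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}
$since    = (Get-Date).AddDays(-$Days)
$stamp    = Get-Date -Format "yyyyMMdd-HHmmss"
$manifest = Join-Path $BackupDir ("manifest_{0}.txt" -f $stamp)

foreach ($comp in $CompArr) {
    foreach ($log in $LogArr) {
        $outFile = Join-Path $BackupDir ("{0}_{1}_{2}.csv" -f $comp, $log, $stamp)
        try {
            # Only events newer than $since; -ErrorAction Stop turns "no events found"
            # and access errors into exceptions we can report instead of silently skipping.
            $events = Get-WinEvent -ComputerName $comp `
                -FilterHashtable @{ LogName = $log; StartTime = $since } -ErrorAction Stop
        } catch {
            Write-Warning ("{0}/{1}: {2}" -f $comp, $log, $_.Exception.Message)
            continue
        }
        $events |
            Select-Object MachineName, LogName, TimeCreated, Id, LevelDisplayName,
                          ProviderName, Message |
            Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8

        # Record a SHA-256 of each export so later tampering with the backup copy is detectable.
        $hash = (Get-FileHash -Algorithm SHA256 -Path $outFile).Hash
        Add-Content -Path $manifest -Value ("{0}  {1}  {2} events" -f $hash, $outFile, $events.Count)
        Write-Output ("{0}: exported {1} events from {2} to {3}" -f $comp, $events.Count, $log, $outFile)
    }
}
```

Run it once by hand as an administrator before scheduling it; a log that has no events in the window produces a warning and no file, which is expected.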

Scheduled Job Created

After the above commands run successfully, your backup job is scheduled. To verify, you can see it in the Task Scheduler, which you can open from Start. Look for “Export Logs” and there you can see the details about it.

Export Logs task showing in Scheduler

At this point, just let things run on their own. The log exporter script will run automatically every week and will save the CSV file at the specified location. You can see how the final CSV file looks in the first screenshot that I have added at the beginning.

Closing:

If you develop Windows apps or are a sysadmin, the script I have mentioned here can be helpful to you. All you have to do is modify it a little and create a scheduled task around it. If you follow the steps I have mentioned here carefully, you will end up with a backup job that backs up the specified Windows logs and their events to a CSV file.
