The following script:
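# backup_logs.pl
# written by Howard Jares 4/26/2004
#
# Backs up each Windows Event log to an automatically numbered .evt file,
# clears the log, and then writes an event record to the log saying who
# archived it and where the archive went.  Progress is appended to
# backup_logs.log in the current directory.
# Data is archived to \\%computername%\Vortex$\Eventlogs
#
# NOTE(review): the archives include a copy of the SECURITY log, so the
# Vortex$ share and its EventLogs directory should be writable only by the
# account that runs this script -- confirm the share and NTFS permissions
# before deploying to more servers.
use strict;
use warnings;

# "use" rather than "require" so that the EVENTLOG_* constants are imported;
# after a bare "require" the name used in %event below is only a bareword
# string, not the constant's value.
use Win32::EventLog;

my $Registry;
use Win32::TieRegistry 0.24 (
    TiedRef => \$Registry, Delimiter => "/",
    # ArrayValues => 1,
    # SplitMultis => 1, AllowLoad => 1,
    # qw( REG_SZ REG_EXPAND_SZ REG_DWORD REG_BINARY REG_MULTI_SZ
    # KEY_READ KEY_WRITE KEY_ALL_ACCESS ),
);

# Returns the current local time as (HH:MM:SS, MM, DD, YYYY), zero-padded.
# Used for both the "Began" and "Ended" lines so they are formatted alike.
sub _now {
    my ($sec, $min, $hour, $day, $month, $year) = localtime(time);
    return (
        sprintf('%02d:%02d:%02d', $hour, $min, $sec),
        sprintf('%02d', $month + 1),    # localtime months are 0-based
        sprintf('%02d', $day),
        $year + 1900,                   # localtime years count from 1900
    );
}

# Registry key whose subkeys name the event logs present on this machine.
my $evKey =
    $Registry->{"HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Eventlog/"};
die "Can't read the Eventlog service key from the registry\n"
    unless $evKey;

# Set the log names and get the date
my @eventlogs = ("SYSTEM", "SECURITY", "APPLICATION",
                 "FILE Replication Service", "DIRECTORY Service", "DNS Server");
my ($clock, $month, $day, $year) = _now();

# These environment values end up in file names and in the event text;
# fall back to an empty string so an unset variable is not a warning.
my $computer = defined $ENV{COMPUTERNAME} ? $ENV{COMPUTERNAME} : '';
my $domain   = defined $ENV{USERDOMAIN}   ? $ENV{USERDOMAIN}   : '';
my $user     = defined $ENV{USERNAME}     ? $ENV{USERNAME}     : '';
my $who      = "$domain\\$user";

open my $scriptlog, '>>', 'backup_logs.log'
    or die "Can't open backup_logs.log to append: $!";
print {$scriptlog} "Began at: $clock on $month/$day/$year.\n";

# resolve path to vortex share to build path in nonUNC format for
# Win32::EventLog::ClearEventLog
# NOTE(review): "net" is found through PATH here; when this runs under a
# privileged account, consider calling it by its full path -- confirm.
my @results = `net share vortex\$`;
my $path;
for my $line (@results) {
    # Take the first "Path" line and drop any trailing whitespace from it.
    if ($line =~ /^Path\s+(.*?)\s*$/) {
        $path = $1;
        last;
    }
}
unless (defined $path && length $path) {
    print {$scriptlog} "Vortex\$ share does not exist on this system\n";
    die "Vortex\$ share does not exist on this system\n";
}

my $logdir = $path . "\\EventLogs";
if (! -e $logdir) {
    print {$scriptlog} "Directory: $logdir does not exist\n";
    die "Directory: $logdir does not exist\n"
      . "Please create it before running this program.";
}

# Template for the record written to each log after it has been archived.
# NOTE(review): 517 is also the id that Windows 2000/2003 records in the
# Security log when the audit log is cleared; confirm that reusing it for this
# informational record will not confuse monitoring rules keyed on that id.
my %event = (
    EventID   => 517,
    EventType => EVENTLOG_INFORMATION_TYPE(),
    Category  => 0,
    Strings   => "$who archived the previous records to: ",
    Data      => '',
);

LOG:
foreach my $log (@eventlogs) {
    # skip logs that we don't have.
    next LOG unless $evKey->{$log};

    # The first three word characters of the log name go into the file name.
    my ($prefix) = $log =~ /(\w{3})/;
    unless (defined $prefix) {
        print {$scriptlog} "\tERROR - cannot build an archive name for $log\n";
        next LOG;
    }

    # Pick a file name that is not taken yet: no suffix first, then "a",
    # "b", ... through Perl's string increment.
    my $base    = $logdir . "\\$computer-" . $prefix . $year . $month . $day;
    my $special = "";
    if (-e $base . $special . ".evt") { $special = "a"; }
    while (-e $base . $special . ".evt") { $special++; }
    my $backlog = $base . $special . ".evt";

    # Open the event log
    my $handle = Win32::EventLog->new($log, $computer);
    unless ($handle) {
        print {$scriptlog} "\tERROR - unable to open $log\n";
        next LOG;
    }

    if ($handle->Clear($backlog)) {    # file was archived ok
        print {$scriptlog} "\t$log archived to $backlog\n";

        # The log is empty now, so the archive is the only copy left;
        # say so loudly if it is missing or has no content.
        unless (-s $backlog) {
            print {$scriptlog}
                "\tWARNING - $backlog is missing or empty after clearing $log\n";
        }

        # re-establish handle
        $handle = Win32::EventLog->new($log, $computer);
        if ($handle) {
            # The "->->>" prefix is kept exactly as posted.
            $event{Strings} =
                "->->>$who archived the previous records to: " . $backlog;
            if ($handle->Report(\%event)) {
                print {$scriptlog} "\tArchive event logged in $log\n";
            }
            else {
                # Previously a failed Report left no trace in the script log.
                print {$scriptlog}
                    "\tWARNING - archive event NOT logged in $log\n";
            }
        }
        else {
            print {$scriptlog}
                "\tWARNING - unable to reopen $log to record the archive event\n";
        }
    }
    else {
        print {$scriptlog} "\tERROR - $log NOT ARCHIVED.\n";
    }

    # Close the handle that is actually open (the posted script passed an
    # undefined variable to CloseEventLog, so nothing was closed).
    $handle->Close() if $handle;
}    # End of FOREACH

($clock, $month, $day, $year) = _now();
print {$scriptlog} "Ended at: $clock on $month/$day/$year.\n";
close $scriptlog or die "Can't close backup_logs.log: $!";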
When I do
Perl backup_logs.pl
Everything runs fine (Perl v5.8.0 build 806 with Win32-TieRegistry [0.24])
I need to put this on a number of servers that don't have Perl installed.
So I used PerlApp 5.3.0 build 530 from the PerlDevKit.
C:\scripts>perlapp backup_logs.pl --add Win32::EventLog;Win32::TieRegistry
PerlApp 5.3.0 build 530
Copyright (C) 1998-2003 ActiveState Corp. All rights reserved.
ActiveState is a division of Sophos Plc.
Commercial license for Howard Jares <[EMAIL PROTECTED]>
Overwrite 'backup_logs.exe' ? y
Created 'backup_logs.exe'
C:\scripts>backup_logs.exe
Can't call method "Clone" on an undefined value at /PerlApp/Win32/TieRegistry.pm
line 146.
BEGIN failed--compilation aborted at backup_logs.pl line 16.
Line 16 is the closing );
Any ideas?
Howard Jares
University of Houston.