Eventlog rotator for Windows

Well not exactly, but close…

Here’s the deal: I’ve been assigned a task: to figure out a way to rotate security logs on a Windows server that has auditing policies in place.

Problem: the event log retention mechanism in Windows does not allow for creating a new log file when the current one grows to a certain size limit (which is plain stupid and short-sighted). The built-in Windows mechanism can only overwrite the oldest entries with newer ones once the log file size limit has been reached.

After some extensive googling, I finally stumbled upon a blog entry that put me on the right track. Microsoft does have a tool for parsing the binary log files (and not only those, but you’ll have to figure out the rest by yourself), which takes SQL-style queries as commands. It’s called "Log Parser" (how obvious!), and is featured here.

I’ve downloaded the tool and started playing with VBScript (damn you Microsoft for not adopting Bash) and Log Parser to get the desired result. I won’t go into details, as the file posted below is pretty self-explanatory (and well commented too).
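As an added illustration of the rotation step described above (this is not the author's script, nor sample code from Log Parser), here is a minimal VBScript that exports the Security log with Log Parser, backs up the native log via WMI, and only then clears it. It assumes LogParser.exe is on the PATH, that the script runs with Backup and Security privileges, and an assumed archive folder of C:\EventLogArchive.

```vbscript
' Added example (not the author's script): rotate the Windows Security event log.
' Assumes LogParser.exe is on the PATH and the script runs with administrative
' (Backup + Security) privileges. C:\EventLogArchive is an assumed location.
Option Explicit

Const LOG_NAME = "Security"
Const ARCHIVE_DIR = "C:\EventLogArchive"

Dim fso, shell, stamp, archiveBase, query, rc
Set fso = CreateObject("Scripting.FileSystemObject")
Set shell = CreateObject("WScript.Shell")

If Not fso.FolderExists(ARCHIVE_DIR) Then fso.CreateFolder ARCHIVE_DIR

' Sortable timestamp for the archive name, e.g. Security-20240131-2359
stamp = Year(Now) & Right("0" & Month(Now), 2) & Right("0" & Day(Now), 2) & _
        "-" & Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2)
archiveBase = ARCHIVE_DIR & "\" & LOG_NAME & "-" & stamp

' 1. Let Log Parser read the binary log (-i:EVT) and write a readable CSV copy.
query = "SELECT RecordNumber, TimeGenerated, EventID, EventTypeName, " & _
        "SourceName, ComputerName, SID, Strings INTO '" & archiveBase & ".csv' " & _
        "FROM " & LOG_NAME
rc = shell.Run("LogParser.exe -i:EVT -o:CSV """ & query & """", 0, True)
If rc <> 0 Then
    WScript.Echo "Log Parser failed with exit code " & rc & "; log NOT cleared."
    WScript.Quit rc
End If

' 2. Back up the native .evt file through WMI, then clear the log only when the
'    backup succeeded, so no audit records are lost during rotation.
Dim wmi, evtLog
Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\.\root\cimv2")
For Each evtLog In wmi.ExecQuery("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='" & LOG_NAME & "'")
    rc = evtLog.BackupEventLog(archiveBase & ".evt")
    If rc <> 0 Then
        WScript.Echo "BackupEventLog returned " & rc & "; log NOT cleared."
        WScript.Quit rc
    End If
    rc = evtLog.ClearEventLog()
    WScript.Echo "Rotated " & LOG_NAME & " to " & archiveBase & ".csv/.evt (clear rc=" & rc & ")"
Next
```

Scheduling this script (e.g. with Task Scheduler) before the configured size limit is reached gives you dated archives instead of overwritten entries; the exported files should be copied off the host or otherwise protected, since an archive on the same server is only as safe as that server.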

Anyway, here’s "the result" (it’s a gzipped/tarred VBScript; some antiviruses might go crazy ’bout it).

Enjoy!

P.S. I’ve yet to add a zipping function to it.
P.S.(2) It’s my first VBScript batch, please don’t laugh. Thank you.

If you liked this post, consider commenting on it or subscribing via RSS so that notifications about new posts reach your reader.

Comments

I’m glad my post could be of some help to you. I ended up solving my problem by using the Snare agent to log to a remote Unix syslog server where all of my DC logs are joined together and rotated by syslog.
