Eventlog rotator for Windows

Well not exactly, but close…

Here’s the deal: I’ve been assigned a task, to figure out a way to rotate the Security log on a Windows server that has auditing policies in use.

Problem: the Event Log retention mechanism under Windows does not allow for creating a new log file when the current log file grows to a certain limit (which is plain stupid and short-sighted). The built-in Windows mechanism can only overwrite the oldest entries with newer ones once the log file size limit has been reached.

After some extensive googling, I finally stumbled upon one blog entry that put me on the right track. Microsoft does have a tool for parsing the binary log files (and not only those, but you’ll have to figure that out by yourself), using SQL-style queries as commands. It’s called „Log Parser” (how obvious!), and is featured here.

I’ve downloaded the tool and started playing with VBScript (damn you, Microsoft, for not adopting Bash) and Log Parser to get the desired result. I won’t go into details, as the file posted below is pretty self-explanatory (and well commented, too).
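To show what the rotation actually has to do, here is an added PowerShell example; it is not the VBScript the post links to, and it is not Microsoft's code. It exports the whole Security log to a timestamped CSV with a Log Parser query (the `-i:EVT` input format and `-o:CSV` output format are real Log Parser 2.2 options), and only if that export is verifiably on disk does it back up and clear the live log with `wevtutil`, so no audit record is ever dropped by the clear. The install path, archive directory and retention count are assumptions; `wevtutil` exists on Windows Vista / Server 2008 and later, not on the 2003-era hosts the original VBScript was probably written for.

```powershell
# Added example, not the post's script. Rotate the Security event log safely:
# export with Log Parser first, clear only after the export is verified.
param(
    [string]$LogParserExe = 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe',  # assumed install path
    [string]$ArchiveDir   = 'C:\EventLogArchive',                                  # assumed archive location
    [int]$KeepFiles       = 30                                                     # rotated files to keep per type
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null

$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$csvPath = Join-Path $ArchiveDir "Security-$stamp.csv"
$evtPath = Join-Path $ArchiveDir "Security-$stamp.evtx"

# 1. Export every record of the live Security log to CSV with a Log Parser SQL query.
#    -i:EVT reads the event log, -o:CSV writes comma-separated output, INTO names the target file.
#    The field names are Log Parser's own EVT input fields.
$query = "SELECT RecordNumber, TimeGenerated, EventID, EventTypeName, SourceName, ComputerName, SID, Strings " +
         "INTO '$csvPath' FROM Security"
& $LogParserExe -i:EVT -o:CSV -stats:OFF $query
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $csvPath)) {
    throw "Log Parser export failed (exit code $LASTEXITCODE); Security log left untouched."
}

# 2. Only now that the CSV exists: back up the binary log and clear it.
#    'wevtutil cl <log> /bu:<file>' writes the backup first and clears only if the backup succeeded.
wevtutil.exe cl Security /bu:"$evtPath"
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $evtPath)) {
    throw "wevtutil failed to back up/clear the Security log (exit code $LASTEXITCODE)."
}

# 3. Keep the archive bounded: remove the oldest rotated files beyond $KeepFiles of each type.
foreach ($ext in 'csv', 'evtx') {
    Get-ChildItem -Path $ArchiveDir -Filter "Security-*.$ext" |
        Sort-Object LastWriteTime -Descending |
        Select-Object -Skip $KeepFiles |
        Remove-Item -Force
}

Write-Host "Rotated Security log to $csvPath and $evtPath"
```

Run it as an administrator from Task Scheduler on the interval that matches how fast the log fills, so a rotation happens well before the size limit forces Windows to overwrite. Keeping the `.evtx` backup next to the CSV matters for forensics: the CSV is convenient for querying, but the binary backup is what Event Viewer and most analysis tools accept as evidence. Note that clearing the Security log itself writes an "audit log was cleared" event (ID 1102) into the fresh log, so a SIEM rule that alerts on 1102 should be taught to expect it from this scheduled task and to still fire when it comes from anything else.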

Anyway, here’s „the result” (it’s a gzipped/tarred VBScript; some antivirus products might go crazy ’bout it).

Enjoy!

P.S. I’ve yet to add a zipping function to it.
P.S. (2) It’s my first VBScript batch, please don’t laugh. Thank you.