
HELP - Copy Event Logs

zactek (Regular Member) - Posted: 22 Oct 2008 at 05:57
Basically, I was working with Mr Hicks yesterday regarding a script to copy event logs from a computer and then append information to the file name. I am receiving "Failed to copy event log. Return code 9"
 

'Set these folder variables
sLogFilePath = "C:\Scripts\"
sTargetParent = "\\Server\Share"
'Shell object used for the Popup shown when a server cannot be contacted
Set WshShell = CreateObject("WScript.Shell")
'Object Class to read text file
Set fso = CreateObject("Scripting.FileSystemObject")
Set ServerFile = fso.OpenTextFile(sLogFilePath & "Servers.txt", 1, False)
'**********Read Server File***********************************
While Not ServerFile.AtEndOfStream
    sComputerName = ServerFile.ReadLine
    On Error Resume Next
    Set oWMIService = GetObject("winmgmts://" & sComputerName)
    numerr = Err.Number
    abouterr = Err.Description
    If numerr = 0 Then
        On Error Goto 0
        'computer can be contacted
        CopyEventLog sComputerName, sTargetParent
    Else
        WshShell.Popup "Connection to server " & sComputerName & " returned error number " & numerr & "." & vbCrLf & _
                       "Error Description: " & abouterr, 5, "Cannot contact server"
    End If
    On Error Goto 0 'reset error checking
Wend
ServerFile.Close
'********Copy Function***********************************
Function CopyEventLog (sComputerName, sTargetParent)
    ' Description: Each Eventlog file will be copied To the target folder
    ' with a name of COMPUTERNAME_LOGFILENAME_YYYYMMDDhhmm.[evt | evtx]
    ' The file extension will be the same but file copy will fail if an
    ' existing file with the same name already exists
    Dim oWMIService
    sDate = Replace(Date(), "/", "_")
    'connect to the WMI provider
    Set oWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\" & sComputerName & "\root\cimv2")
    Set cLogFiles = oWMIService.ExecQuery("Select * from Win32_NTEventLogFile")
    For Each logfile In cLogFiles
        'strip out any spaces in the filename
        sLogName = Replace(logfile.FileName, " ", "")
        'note: the parts are not zero-padded and seconds are included, e.g. 200810221178
        sTimeStamp = Year(Now) & Month(Now) & Day(Now) & Hour(Now) & Minute(Now) & Second(Now)
        sTarget = sTargetParent & "\" & sComputerName & "_" & sLogName & "_" & sTimeStamp & "." & logfile.Extension
        WScript.Echo "copying " & logfile.Name & " to " & sTarget
        rc = logfile.Copy(sTarget)
        If rc <> 0 Then
            WScript.Echo "Failed to copy event log. Return code " & rc
        End If
    Next
End Function
 
This assumes that:  
 
1) You change the variables for where servers.txt and the folder paths are at and that they exist.
2) You have administrative access to the machine that you want to run it against remotely and also access to write to the share.
 
Any help is appreciated!
 

jhicks (MVP) - Posted: 22 Oct 2008 at 06:12
What value are you getting for sTarget?  Can you copy and paste the results from this line of the script?

WScript.Echo "copying " & logfile.name & " to " & sTarget

Returns a value of 0 (zero) if the file was successfully copied, and any other number to indicate an error.

Return code  Description
0            The request was successful.
2            Access was denied.
8            An unspecified failure occurred.
9            The name specified was invalid.
10           The object specified already exists.
11           The file system is not NTFS.
12           The platform is not Windows 2000 or Windows NT.
13           The drive is not the same.
14           The directory is not empty.
15           There has been a sharing violation.
16           The start file specified was invalid.
17           A privilege required for the operation is not held.
21           A parameter specified is invalid.


zactek (Regular Member) - Posted: 22 Oct 2008 at 09:10

I am getting on the WSH window that pops up:

copying C:\WINDOWS\system32\config\AppEvent.Evt to \\server\share\computer_appevent_200810221178.evt
 
but right after that I get the Failed to copy event log. Return code 9


Edited by zactek - 22 Oct 2008 at 09:11

jhicks (MVP) - Posted: 22 Oct 2008 at 09:36
It looks like the Method doesn't like a UNC.  Works for me if I map a drive to the remote share.  

zactek (Regular Member) - Posted: 22 Oct 2008 at 09:43

I got it to work when I mapped a network drive and then put that as the "sTargetParent". That's definitely weird about that method and I thought that preferred way would be to use the UNC. Is it a limitation or could there be something else done to make it work?

jhicks (MVP) - Posted: 22 Oct 2008 at 09:56
It's an unfortunate limitation to the method. I've never used it up till now and just assumed a UNC would work.  Goes to show you to take nothing for granted.

zactek (Regular Member) - Posted: 22 Oct 2008 at 10:26

We were testing it and I can get it if I run it on my local box. I can even write them out to a mapped network drive that I have access to. It seems like there is an additional problem. If there is a box that is remote (we have admin rights) that I put in servers.txt, I get the same return code. I've tested it with using the FQDN, just the NetBIOS name and even the "\\" and if it is remote, I get the same Return Code 9.

jhicks (MVP) - Posted: 22 Oct 2008 at 10:54
Here's the deal. When you use WMI to connect to a remote machine, any paths you specify for the Copy (and BackupEventLog) method are relative to the *remote* computer.  You may have a drive mapped to the UNC, but it likely doesn't exist on the remote machine.  Or their drive X might be different than yours which would also be problematic.  Now the hard part.  You can't easily map a network drive for the remote machine.  The easy solution that comes to mind is to add code to your script that maps a temporary drive, then use something like PSEXEC to execute the script remotely on all your target servers.

jhicks (MVP) - Posted: 22 Oct 2008 at 10:55
PrimalScript Enterprise ships with a remote execution engine which would push the script out to all your servers and have it execute remotely in parallel.

jhicks (MVP) - Posted: 22 Oct 2008 at 11:00
The other thought I had, and depending on the size of the logs this might be better anyway, is to copy all the files locally to the same directory name. Then come back with a second script to copy all those files to a network share. This could be a simple batch file using Robocopy.

zactek (Regular Member) - Posted: 22 Oct 2008 at 15:07

Jeff,

 

I think I see the problem, I guess with the sensitivity of what some of these may be I would like to create a mapped drive, copy it to the remote share, disconnect and repeat that for each one in servers.txt. I have heard of PSEXEC, but I am not necessarily trying to copy the script to the remote server, just execute against remote machines. I'm not sure if you have an example, but I'm guessing I need to use something like

 

Set objNetwork = WScript.CreateObject("WScript.Network")
objNetwork.MapNetworkDrive "R:", "\\server\share"

 

I am not sure how to disconnect, but I am guessing it includes something like - objNetwork.RemoveNetworkDrive 

 

Any help is appreciated.

 

 

jhicks (MVP) - Posted: 22 Oct 2008 at 15:12
You're missing my point which is ok because this is confusing.  Even though you are executing the script say on your machine and connecting to a remote machine, the Copy method is looking for a path as if you were on the remote machine.  So if your script uses a remote file name of R:\logs\file.txt, the remote computer will be looking for R:\logs\file.txt.  If R: doesn't exist on the remote machine, you'll fail.  And there's no easy way to map an R: drive for the remote machine.

That's why I suggested PSEXEC.  Add code, like you've shown to map a drive and remove it when done. Then use PSEXEC to remotely execute the script. The script can connect to the local host and run remotely via PSEXEC.

zactek (Regular Member) - Posted: 23 Oct 2008 at 06:05
Ok, now I am starting to see what you're saying. I am thinking that I would need to do something like the following:
 

Set WshShell = WScript.CreateObject("WScript.Shell")
Return = WshShell.Run("psexec.exe \\" & sComputerName & " -u domain\userid -p password ........
 
I am not sure of the syntax of how to get this to run against machines remotely without having to copy something. I'm wondering if I could just add the add/remove network drive code (once I develop it) within my existing code, could PSEXEC be run from the command line and it affect all the computers I define in servers.txt? e.g.
C:\ psexec c:\scripts\eventlog.vbs

jhicks (MVP) - Posted: 23 Oct 2008 at 06:20
Don't make this more complicated.  Take the VBScript you have and add code to map a temp drive for the copy.  You might also need to add code to pull the computername from WMI or environmental variables so you can create the right file name. The script is designed to run on the local host.

Next, copy the script to all your servers in the same location.

Then run PSEXEC from your command prompt. There is syntax to parse a text list of computers.  Try to run cscript pathto\yourscript.vbs using PSEXEC.  I'd try it remotely with one computer first to verify your syntax.
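
The approach described in the post above, as an added example (not code from the thread's participants): a VBScript meant to run on the server itself, so the drive letter passed to Copy exists on the machine that resolves the path. The drive letter R:, the share path and the Stamp/Pad helpers are assumptions, and the account running the script is assumed to have access to the share.

```vbscript
' Added example: runs ON the server whose logs are collected (e.g. started
' there by PsExec), so every path below is resolved on that same machine.
Option Explicit
Const DRIVE = "R:"                  ' assumed free drive letter
Const SHARE = "\\server\share"      ' placeholder share name from the thread

Dim oNetwork, oWMI, cLogFiles, logfile, sComputer, sTarget, rc, nFailed
Set oNetwork = CreateObject("WScript.Network")
sComputer = oNetwork.ComputerName   ' local name, used in the target file name

' Map the temporary drive; stop if that fails instead of copying nowhere.
On Error Resume Next
oNetwork.MapNetworkDrive DRIVE, SHARE
If Err.Number <> 0 Then
    WScript.Echo "Cannot map " & DRIVE & ": " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

' Connect to the local WMI provider ("." = this computer).
Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\.\root\cimv2")
Set cLogFiles = oWMI.ExecQuery("Select * from Win32_NTEventLogFile")
nFailed = 0
For Each logfile In cLogFiles
    sTarget = DRIVE & "\" & sComputer & "_" & Replace(logfile.FileName, " ", "") & _
              "_" & Stamp(Now) & "." & logfile.Extension
    rc = logfile.Copy(sTarget)
    If rc <> 0 Then
        nFailed = nFailed + 1
        WScript.Echo "Failed to copy " & logfile.Name & ". Return code " & rc
    End If
Next

' Remove the mapping (force the disconnect, do not keep it in the profile).
oNetwork.RemoveNetworkDrive DRIVE, True, True
If nFailed > 0 Then WScript.Quit 2

' Zero-padded YYYYMMDDhhmmss so the timestamp is unambiguous.
Function Stamp(d)
    Stamp = Year(d) & Pad(Month(d)) & Pad(Day(d)) & Pad(Hour(d)) & Pad(Minute(d)) & Pad(Second(d))
End Function

Function Pad(n)
    Pad = Right("0" & n, 2)
End Function
```

The non-zero exit codes let whatever launches the script on each server tell a failed drive mapping (1) from a failed copy (2).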

zactek (Regular Member) - Posted: 23 Oct 2008 at 08:05
I guess the thing is that we are trying to get event logs from computers that we may not necessarily want people to know that we're grabbing information. I'm not trying to make it too complicated, just a little...;o) I guess I'm thinking too hard about it, but I thought that there may be a way to use it all within the script and not have to copy something down locally.

zactek (Regular Member) - Posted: 23 Oct 2008 at 08:14
Also, within the text of the script itself to get the network mapping, should I do something like this?
 

Option Explicit
'every variable must be declared because of Option Explicit
Dim oNetwork, strUserName, strDriveLetter, strServer
Set oNetwork = CreateObject("WScript.Network")
strDriveLetter = "W:"
strServer = "\\server\share\"
strUserName = oNetwork.UserName
'map the drive using the same object that was created above
oNetwork.MapNetworkDrive strDriveLetter, strServer & strUserName
Then insert the rest of my code and at the end put
oNetwork.RemoveNetworkDrive "W:"
 
I know that in part of the code, I am calling the function CopyEventLog , but I am not sure how I should order it within the code so that I am doing what's needed in order.
 
1) Connect to computer defined in servers.txt
2) Map network drive
3) Run CopyEventLog function
4) Disconnect network drive
5) Repeat for each sComputerName
 
I appreciate your help and your brain power on this one!

 