Background

I wrote this to take a list of servers from a text file, and backup their event logs to .evt files in a central location. I am running the script from a Win2000 Server against a mix of 2000 and NT4 servers, and for 80% of them there is no problem.

Problem

  1. For eventlogs over 300MB, the script backs up a 1KB file. When opened, the log file is blank, but will say 1.8 million records. Manual backing up will back up the full 300 MB.
  2. For NT4 Servers, I am getting "Access is Denied" when trying to back up the logs. I can back up the eventlogs manually with the same account used by the script.

What I've Tried

Tried different accounts, waded through activestate mailing lists, upgraded the activestate build from 631 to 633, searched google, begged, pleaded, and sacrificed two goats.

The Code

# Jonathan Dyer X-XXXX, 
# Written to take input of list of servers in eventlogs_in.txt and bac
+kup the 
# event logs to \\XXXXXXX\EVENTLOGS\SERVER\LOGNAME\DATE

use strict;
use Win32::EventLog;
use File::Copy;
open IN, "<//XXXXXXX/c\$/scripts/eventlogs/eventlogs_in.txt";
while (<IN>){
    chomp;
    my $server="$_";
    print "\n$server\n";    
    my($date)=join("-", ((split(/\s+/, scalar(localtime)))[1,2,4]));
    my $remdir="//XXXXXXX/eventlogs/$server";
    open OUT, ">>//XXXXXXX/eventlogs/backuperrors.log" || die "BackupE
+rrors.log cannot be written.  Stopping.";
    print OUT "$date\n";
    for my $eventlog ("Application", "System", "Security") {
        print "\t$eventlog";
        my $locdir="//$server/c\$/temp/$eventlog";
        my $dest="$locdir/$date.evt";
    
        if (!-e $locdir){mkdir ("$locdir") || print OUT "ERR: Can't cr
+eate local log directory on $server: ($^E)\n";}
        if (!-e $remdir){mkdir ("$remdir") || print OUT "ERR: Can't cr
+eate $remdir: ($^E)\n";}
        if (!-e "$remdir/$eventlog"){mkdir ("$remdir/$eventlog") || pr
+int OUT "ERR: Can't create $remdir/$eventlog: ($^E)\n";}
    
        if ((-e "$remdir/$eventlog")&&(-e "$locdir")){
            my %event=(
            'Computer',"$server",
            'EventID','777',
            'EventType',EVENTLOG_INFORMATION_TYPE,
            'Category','None',
            'Strings',"The $eventlog Event log was backed up to $remdi
+r.",
            'Data',"The $eventlog Event log was backed up.",
            );
    
            my $handle=Win32::EventLog->new($eventlog, "\\\\$server") 
+|| print OUT "ERR: Can't read $eventlog EventLog on $server:($^E)\n";
            $handle->Backup($dest) || print OUT "ERR: Could not backup
+ the $eventlog EventLog on $server to $dest ($^E)\n";
            #$handle->Clear($dest) || print OUT "ERR: Could not clear 
+the $eventlog EventLog on $server:($^E)\n";
            $handle->Report(\%event) || print OUT "ERR: Could not writ
+e to the $eventlog event log:($^E)\n" unless ($eventlog=="Security");
+ #Needed b/c writing to Security log is not allowed
            $handle->Close;
            copy($dest,"$remdir/$eventlog/$date.evt") || print OUT "ER
+R: Couldn't Copy $eventlog Log on $server from $dest to $remdir/$even
+tlog:($!)\n";
            #unlink "$dest";
        }
     }
     print OUT "----------\n";
    close OUT; 
}

[download]

Any ideas are welcome. I'm ready to scrap this and go with a co-worker's C-Solution, but it would be a shot to Perl here.

Thanks.

-OzzyOsbourne

In reply to Win32::Eventlog Issues: Access Denied, Incorrect log size by OzzyOsbourne

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.