Monitoring and backing up event logs with MOM

With MOM you can automate the following tasks:

- check event log free space on MOM agent computers

- back up the event logs to a remote share

I have attached the 2 scripts I used for this (modified well-known scripts from Scripting Center). I also attached a Management Pack AKM with rules that show how you can use the scripts.

IMPORTANT: If your MOM agents run under the Local System account, deploy this fix before you use the scripts:

https://support.microsoft.com/kb/913366/en-us

This fix addresses an issue where the Local System account running the MOM host process was denied the Backup privilege (even if you explicitly granted it to Local System).

 

I hope you find this useful.

https://lipkaa.members.winisp.net/MOM%202005/MonitorEventLogs.zip
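
The two tasks listed above (check how full each event log is, then back it up to a share) can be sketched in Windows PowerShell with the WMI class `Win32_NTEventlogFile`. This is an added example, not the attached MOM 2005 scripts or the author's code; the parameter names, paths, share name and the 90% threshold are hypothetical placeholders.

```powershell
# Added example, not the attached MOM 2005 scripts. Run elevated in Windows PowerShell 5.1.
# All parameter names and default paths below are hypothetical placeholders.
param(
    [string]$StagingDir       = 'C:\EventLogStaging',
    [string]$ShareDir         = '\\backupserver.example\eventlogs',
    [int]   $ThresholdPercent = 90,
    [switch]$ClearAfterBackup   # off by default: backing up does not require clearing
)

New-Item -ItemType Directory -Path $StagingDir -Force | Out-Null

# -EnableAllPrivileges enables the privileges already present in the caller's
# token (including SeBackupPrivilege) for this WMI connection. It cannot add a
# privilege the account does not hold.
$logs = Get-WmiObject -Class Win32_NTEventlogFile -EnableAllPrivileges

foreach ($log in $logs) {
    if (-not $log.MaxFileSize) { continue }
    $percentUsed = [math]::Round(100 * $log.FileSize / $log.MaxFileSize, 1)
    if ($percentUsed -lt $ThresholdPercent) { continue }

    $safeName = $log.LogfileName -replace '[\\/:*?"<>|\s]', '_'
    $fileName = '{0}_{1}_{2:yyyyMMdd-HHmmss}.evtx' -f $env:COMPUTERNAME, $safeName, (Get-Date)
    $staged   = Join-Path $StagingDir $fileName

    try {
        # BackupEventlog fails if the target exists, hence the timestamped name.
        $rc = $log.BackupEventlog($staged).ReturnValue
        if ($rc -ne 0) { throw "BackupEventlog returned $rc" }

        # The account running this needs write access on both the share and NTFS.
        Move-Item -Path $staged -Destination $ShareDir -ErrorAction Stop

        if ($ClearAfterBackup) {
            $rc = $log.ClearEventlog().ReturnValue
            if ($rc -ne 0) { throw "ClearEventlog returned $rc" }
        }
        Write-Output "$($log.LogfileName): $percentUsed% used, backed up to $ShareDir\$fileName"
    }
    catch {
        Write-Warning "$($log.LogfileName): $($_.Exception.Message)"
    }
}
```

Clearing the Security log is itself recorded as event ID 1102, so leaving `-ClearAfterBackup` off keeps the on-host record intact and keeps that event meaningful as an alert.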

Comments

  • Anonymous
    April 11, 2006
    Athif,

    Great, thanks for that.
    Just to add on: for agents behind a firewall you have to apply the hotfix directly on the managed computer. This is obvious, but I went through this and it's a bit of a pain, especially if you have a lot of agents that have only port 1270 open to the MOM management server. That is why I'd advise keeping such agents to a small number in your environment.

  • Anonymous
    April 18, 2006
    Hi Athif,

    My name is Andrzej. ALipka is just my alias-> Andrzej LIPKA.
    Anyway to your points:
    1. What is the agent action account that you configured for this agent? If it is Local System, then you need the hotfix I mentioned. If it is any other domain account that is in the local administrators group, make sure it has the backup privilege (granted via local/domain GPO). This is the privilege that is needed to run the script.
    2. Again, the AGENT ACTION ACCOUNT needs write access to that folder on share and NTFS level permissions. If it is a local system account, then make sure the machine domain account has that access granted.

    --Andrzej

  • Anonymous
    April 19, 2006
    Hi Andrzej,

    Sorry for messing with your name:).

    I am using Local System Account and applied the HOTFIX too. I think permission was the problem. I just granted MOM ACTION Account WRITE permissions as said. Let me see how it goes.

    Thanks again,
    Athif

  • Anonymous
    May 03, 2006
    http://spike.aspweb.cz/alipka/monitoreventlogs.zip -- 404  Not Found.

  • Anonymous
    May 08, 2006
    The site or server must be down (it's free, so I don't expect it to be 24h;)) - I'll post the attachment on a new link as soon as I have access to the server (should hopefully be tomorrow).
    Thanks for letting me know!
    Andrzej

  • Anonymous
    May 08, 2006
    Should be OK now - I moved the attachment to another server.

  • Anonymous
    May 18, 2006
    If the event logs are set to overwrite do they still get backed up?

  • Anonymous
    May 19, 2006
    Yes they do. The MP works in such a way that you can define when you want to back up logs:
    every X days/hours, or when the logs are X% full (in case of overwrite logs, I imagine you currently have 100% for all logs, in which case you can configure it to back up at >=90%, and then all the logs get backed up (AND CLEARED)).

  • Anonymous
    June 22, 2006
    Error: 9002, Severity: 17, State: 6
    The log file for database 'SystemCenterReporting' is full. Back up the transaction log for the database to free up some log space.

    Any ideas how to fix this error?

  • Anonymous
    June 22, 2006
    Increase the log file in Enterprise Manager - backing up will not help - the log is needed for the DTS job. MOM scr db uses a simple recovery model.
    see: http://support.microsoft.com/?kbid=899158

  • Anonymous
    September 12, 2006
    Hi

    I am not able to download the file, it says host not found.

    I have been looking for this kind of script for a long time. Can you mail me the file? Or if anyone who already has it can mail it to me, I would be grateful.

    my mail id is jlprasadreddy@yahoo.com

    Thanks

  • Anonymous
    January 31, 2008
    I'd like to know how to persist Windows Event Logs on our server without local backups.  Our plan was to have a scheduled job that exported Event Logs and inserted them into our Oracle database on another server. Do you know the process for this? Thanks, Duvall

  • Anonymous
    February 18, 2008
    Hello Andrzej, this is a question: does this log backup work with System Essentials 2007? Thanks, Carlos ...

  • Anonymous
    February 18, 2008
    No, it does not. It is only for MOM 2005. If you try to convert it by using migration tools it won't work as expected. I am working on a solution for OpsMgr 2007 which will also work with SCE 2007. I currently have a basic version ready (local backup) with central backup on the way. I hope to post it (or some parts of it) here within a few weeks.

  • Anonymous
    March 03, 2008
    I have done some small work to update my backup event logs MP for MOM 2005 to 2007 ( http://blogs.technet.com/alipka/archive/2006/04/09/monitoring-and-backing-up-event-logs-with-mom.aspx

  • Anonymous
    May 26, 2008
    Nice script! One question: I don't want my events cleared. What must I change in the "backupeventlogs.vbs" script? Deleting the "objLogFile.ClearEventLog()" string is not helpful... Help me please.

  • Anonymous
    May 26, 2008
    I haven't tried it, but deleting the clearEventLog() string should be good enough as per: http://technet.microsoft.com/en-us/library/bb742445.aspx#EFAA. Does the backup of the event log succeed?

  • Anonymous
    February 28, 2009
    Hi all! I can't download the attachment file above, and I need it. Could somebody help me by sending me that file via email: lequanghoang@gmail.com. Thank you very much.