
How can I fix this batch script?

Hello, I have a problem with a script. I would like the following from this script: first of all, I want to create a folder with the month specific to my computer and, in that folder, the event logs, but save only the Application event log and the System event log, without the Security one. Even if the script is run with admin rights, nothing happens. Below is my script:

@echo off
rem Script starts here
rem Timestamp generator: WMIC prints localdatetime as yyyyMMddHHmmss.ffffff+zzz
for /f "delims=" %%a in ('wmic OS Get localdatetime ^| find "."') do set "dt=%%a"
:: Split the WMIC output into year, month, day, hour and minute
set "YY=%dt:~0,4%"
set "MM=%dt:~4,2%"
set "DD=%dt:~6,2%"
set "hr=%dt:~8,2%"
set "mn=%dt:~10,2%"
:: Replace the month number with the (Romanian) month name
if "%MM%"=="01" set "MM=Ianuarie"
if "%MM%"=="02" set "MM=Februarie"
if "%MM%"=="03" set "MM=Martie"
if "%MM%"=="04" set "MM=Aprilie"
if "%MM%"=="05" set "MM=Mai"
if "%MM%"=="06" set "MM=Iunie"
if "%MM%"=="07" set "MM=Iulie"
if "%MM%"=="08" set "MM=August"
if "%MM%"=="09" set "MM=Septembrie"
if "%MM%"=="10" set "MM=Octombrie"
if "%MM%"=="11" set "MM=Noiembrie"
if "%MM%"=="12" set "MM=Decembrie"
:: Folder name, e.g. Septembrie_2024, created under the current directory
set "today_date_time=%MM%_%YY%"
echo %today_date_time%
if not exist "%today_date_time%\" mkdir "%today_date_time%"
rem Export each live log to an .evtx file in the monthly folder
wevtutil epl System "%today_date_time%\system.evtx"
wevtutil epl Application "%today_date_time%\application.evtx"
wevtutil epl Security "%today_date_time%\security.evtx"
rem Clear the live logs after the export
wmic nteventlog where filename='system' cleareventlog
wmic nteventlog where filename='application' cleareventlog
wmic nteventlog where filename='security' cleareventlog
rem End of Script

Here's a rewritten example without all of the WMIC.exe stuff, as per your commented request:

@Rem Start of script.
@Echo Off
SetLocal EnableExtensions
Rem End script if end user is not running with the required permissions.
%SystemRoot%\System32\reg.exe Query "HKU\S-1-5-19" 1>NUL 2>&1 || GoTo :EOF
Rem Add the current directory to the stack and make this scripts location the current directory.
PushD "%~dp0."
Rem Generate a datestamp variable with a string formatted as yy_MMMM.
Set "DateStamp="
For /F %%G In ('%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile "Get-Date -F 'yy_MMMM'" 2^>NUL') Do Set "DateStamp=%%G"
Rem End script if datestamp variable was not defined.
If Not Defined DateStamp GoTo :EOF
Rem Backup and clear event logs.
If Not Exist "%DateStamp%\" MD "%DateStamp%"
For %%G In (Application Security System) Do %SystemRoot%\System32\wevtutil.exe cl %%G /bu:"%DateStamp%\%%G.evtx"
Rem Make the previous directory in the stack the current directory.
PopD
Rem End of Script.

The script was designed to just close if the end user did not Run as administrator. Also, the backup files will be saved to the same location as the running batch file.
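The same job written in PowerShell, as an added example that is not part of the question or the answer above. It keeps the answer's two fixes (refuse to run unless elevated, create the folder next to the script rather than in the current directory, which is System32 under "Run as administrator") and also does what the question asked for: it backs up and clears only Application and System and leaves Security alone, because clearing Security destroys audit evidence and itself produces an audit event (ID 1102). The elevation test uses WindowsPrincipal instead of the answer's HKU\S-1-5-19 registry probe; both detect the UAC-filtered token. Parameter names and the SHA256SUMS.txt file are this example's own choices, not anything from the page.

```powershell
#Requires -Version 5.1
# Added example: back up and clear selected Windows event logs from an elevated session.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Logs to back up and clear. Security is deliberately absent from the default list.
    [string[]]$LogName = @('Application', 'System'),
    # Parent of the monthly folder; defaults to the script's own directory.
    [string]$Root = $PSScriptRoot,
    # Export only; leave the live logs untouched.
    [switch]$NoClear
)

$ErrorActionPreference = 'Stop'
if (-not $Root) { $Root = (Get-Location).Path }   # $PSScriptRoot is empty when pasted interactively

# UAC: an admin running without elevation carries a filtered token and fails this test,
# which is exactly the case where wevtutil cl fails without a useful error.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Run as administrator) prompt.'
}

# Year first so folders sort, then the month name of the current culture
# (e.g. 2024_septembrie under ro-RO, 2024_September under en-US).
$target = Join-Path $Root (Get-Date -Format 'yyyy_MMMM')
New-Item -ItemType Directory -Path $target -Force | Out-Null

function Invoke-Wevtutil {
    # Runs wevtutil.exe and turns a non-zero exit code into a terminating error.
    param([string[]]$ArgumentList)
    & "$env:SystemRoot\System32\wevtutil.exe" @ArgumentList
    if ($LASTEXITCODE -ne 0) { throw "wevtutil $($ArgumentList -join ' ') failed (exit $LASTEXITCODE)" }
}

foreach ($log in $LogName) {
    if ($log -ieq 'Security') {
        Write-Warning 'Skipping Security: clearing it destroys audit evidence and raises event 1102.'
        continue
    }
    # Timestamped file name so two runs in the same month do not overwrite each other.
    $file = Join-Path $target ('{0}_{1:yyyyMMdd_HHmm}.evtx' -f $log, (Get-Date))

    if ($NoClear) {
        Invoke-Wevtutil @('epl', $log, $file)            # export-log: live log untouched
    } elseif ($PSCmdlet.ShouldProcess($log, "clear after backup to $file")) {
        Invoke-Wevtutil @('cl', $log, "/bu:$file")       # backup and clear in one call
    } else {
        continue                                         # -WhatIf: nothing was written
    }

    # Integrity record: a hash of each export so later tampering is detectable.
    $hash = Get-FileHash -Path $file -Algorithm SHA256
    Add-Content -Path (Join-Path $target 'SHA256SUMS.txt') `
                -Value ('{0}  {1}' -f $hash.Hash, (Split-Path $file -Leaf))

    # Sanity check: the backup must parse as an event log and contain at least one event.
    $readable = [bool](Get-WinEvent -Path $file -MaxEvents 1 -ErrorAction SilentlyContinue)
    Write-Host ('{0}: {1} ({2} bytes, readable={3})' -f $log, $file, (Get-Item $file).Length, $readable)
}
```

Run it as `.\Backup-EventLogs.ps1 -WhatIf` first to see which logs would be cleared, and `-NoClear` when you only want copies. Note that clearing any log other than Security writes event ID 104 ("The System log file was cleared") to the System log, so a freshly cleared System log is never completely empty; treat that event as expected when reviewing the host afterwards.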

The technical posts on this site are licensed under CC BY-SA 4.0. If you need to reprint, please indicate the site URL or the original address. For any question, please contact: yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM