Backing Up Event Logs

There are a number of useful cmdlets to manage event logs, however one functionality is missing:

PS> Get-Command -Noun EventLog 

CommandType Name            Version Source                         
----------- ----            ------- ------                         
Cmdlet      Clear-EventLog Microsoft.PowerShell.Management
Cmdlet      Get-EventLog Microsoft.PowerShell.Management
Cmdlet      Limit-EventLog Microsoft.PowerShell.Management
Cmdlet      New-EventLog Microsoft.PowerShell.Management
Cmdlet      Remove-EventLog Microsoft.PowerShell.Management
Cmdlet      Show-EventLog Microsoft.PowerShell.Management
Cmdlet      Write-EventLog Microsoft.PowerShell.Management 

There is no cmdlet to backup an event log to an *.evtx file. Let’s create one:

function Backup-Eventlog


    $eventLog = Get-WmiObject -Class Win32_NTEventLOgFile  -filter "FileName='$LogName'"
    if ($eventLog -eq $null)
        throw "Eventlog '$eventLog' not found."
    [int]$status = $eventLog.BackupEventlog($DestinationPath).ReturnValue
    New-Object -TypeName ComponentModel.Win32Exception($status)

And here’s an example of how easy it is now to backup an event log:

PS> Backup-Eventlog -LogName Application -DestinationPath c:testbackup.evtx
The operation completed successfully

PS> Backup-Eventlog -LogName Application -DestinationPath c:testbackup.evtx
The file exists


Are you an experienced professional PowerShell user? Then learning from default course work isn’t your thing. Consider learning the tricks of the trade from one another! Meet the most creative and sophisticated fellow PowerShellers, along with Microsoft PowerShell team members and PowerShell inventor Jeffrey Snover. Attend this years’ PowerShell Conference EU, taking place April 17-20 in Hanover, Germany, for the leading edge. 35 international top speakers, 80 sessions, and security workshops are waiting for you, including two exciting evening events. The conference is limited to 300 delegates. More details at

Twitter This Tip! ReTweet this Tip!

GD Star Rating