Backup Event Logs

You can schedule to have event logs backed and/or cleared at specified intervals, all tasks can be logged to the event log. You can also be notified by email if an event log is full.

If you encounter problems when backing up and clearing the event logs then please see KB article 21 for a solution to common problems.

The screenshot below shows an existing schedule that backs up the Application event log every Monday at 5am. The event log is not cleared, and the task is logged to the event log.

To add a new schedule click on the + button next to the schedule list, to edit an existing entry simple double-click the entry. You will see the following dialog:

You can either select the event log to backup/clear from the pull down menu, or specify the log name manually. To backup all event logs present on the computer specify the "All Event Logs" option.

You can schedule the application to either run on certain weekdays, on certain days of the month or both.

If you specify a file name in the "File" section, then the "Backup Event Log" check box will be automatically checked, and the event log will be backed up to the specified file. We recommend that you use the .evt extension for the file name to avoid confusion. The following case sensitive variables are supported in the file names: $HOSTNAME, $LOG, $DAY, $MONTH, $YEAR, $HOUR and $MINUTE.

To clear an event log check the "Clear Event Log" checkbox. You may clear the event log after it has been backed up (if you specified a file name) or clear the event log without it being backed up.

Since Event Log Backup files can be rather large (depending on the size of your event log) and compress well, you can automatically compress the backed up event log backup files with EventSentry. Compressed files will have the same name as the backup file with the .zip extension appended to them. For example, if the event log backup file name is SRV01_Security_20070808.evt then the name of the archive will be SRV01_Security_20070808.evt.zip.

If you check this box then the event log file will be automatically compressed after it has been backed up, and the uncompressed version will be deleted. The size of compressed event log backup files is usually only about 20% (or less) of their original file size.

Since EventSentry compresses files with the ZIP algorithm, you can extract the compressed files with any application, such as 7-Zip.

To log a history of all backup and clear actions to the event log, activate the "Log action(s) to event log" checkbox. See Event Logs for all possible event log records logged by this feature.