Using WEVTUTIL.EXE to export the Windows Server 2008 Security event log, I get a permission problem (I have administrator privileges):
c:> wevtutil epl security test.evtx
"Failed to export log security. Access is denied."
I'm trying to write a script to back up and clear the Application, Security, Setup and System event logs. The Security log is the only one giving problems. How do I back up and clear it? I would like to know the "proper" way to do this, because I don't want to upset the security people (auditors, forensics, etc).
Best Answer
Either by using Group Policy or the local policy on the machine, go to
And configure the setting "Back up log automatically when full."
Then all your script needs to do is periodically harvest the directory for archived event log files and transfer them to your network share.
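
One way to write the harvesting script described in the answer above, as an added example that is not part of the original answer. It assumes the default log directory, the `Archive-Security-*.evtx` naming Windows gives auto-archived logs, an elevated session, and a hypothetical share path; it uses only PowerShell 2.0 features so it runs on Server 2008.

```powershell
# Added example: move auto-archived Security logs to a network share.
# Assumptions: default log directory, hypothetical share path, elevated session.
param(
    [string]$LogDir  = "$env:SystemRoot\System32\winevt\Logs",
    [string]$DestDir = "\\fileserver.example\evtx-archive\$env:COMPUTERNAME",  # hypothetical
    [int]$MinAgeMinutes = 5   # skip archives that may still be being written
)

# SHA-256 via .NET, because Get-FileHash is not available before PowerShell 4.0.
function Get-Sha256Hex([string]$Path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Close()
    }
}

if (-not (Test-Path $DestDir)) {
    New-Item -ItemType Directory -Path $DestDir | Out-Null
}
$manifest = Join-Path $DestDir 'sha256-manifest.txt'
$cutoff   = (Get-Date).AddMinutes(-$MinAgeMinutes)

Get-ChildItem -Path $LogDir -Filter 'Archive-Security-*.evtx' |
    Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $cutoff } |
    ForEach-Object {
        $target = Join-Path $DestDir $_.Name
        if (Test-Path $target) {
            # Never overwrite an archive that is already on the share.
            Write-Warning "$($_.Name) already exists on the share; local copy kept."
            return
        }
        $srcHash = Get-Sha256Hex $_.FullName
        Copy-Item -Path $_.FullName -Destination $target
        $dstHash = Get-Sha256Hex $target
        if ($srcHash -eq $dstHash) {
            # Record the hash so reviewers can verify the archive later,
            # then free local disk space.
            $entry = "{0}  {1}  {2}" -f $dstHash, $_.Name, (Get-Date -Format o)
            Add-Content -Path $manifest -Value $entry
            Remove-Item -Path $_.FullName
        } else {
            Write-Warning "Hash mismatch for $($_.Name); local copy kept."
        }
    }
```

The local archive is deleted only after the copy on the share hashes identically, and the manifest gives auditors a per-file SHA-256 to check against.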