The following Visual Basic (WMI) scripts will allow you to take a backup of your Event Viewer .evtx log files by running WMI queries:
=================================
Backup Application Event Log
=================================
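' Back up the Application event log to an .evtx archive through WMI
' (Win32_NTEventlogFile.BackupEventlog).
'
' Fixes over the original listing:
'   * typographic quotes replaced with plain " and ' so the script parses;
'   * the required ArchiveFileName input parameter is now set;
'   * the Backup privilege is requested in the moniker, which the
'     BackupEventlog method needs;
'   * a non-zero return value is reported as a failure.
'
' Run from an elevated prompt with: cscript //nologo <script>.vbs
strComputer = "."

' Source log file (the WMI key of the Win32_NTEventlogFile instance).
strLogFile = "C:\Windows\System32\Winevt\Logs\Application.evtx"

' Destination archive. SAMPLE VALUE (constructed) - change it to a folder
' that exists and whose ACL is restricted to administrators/backup
' operators: event logs can contain account names, host names and command
' lines, and a copy outside the default log directory does not inherit the
' protections of that directory.
' NOTE(review): BackupEventlog is expected to fail rather than overwrite if
' the archive already exists - use a unique (e.g. dated) file name per run.
strArchive = "C:\EventLogBackups\Application-backup.evtx"

' (Backup) enables the backup privilege for this WMI connection.
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & strComputer & "\root\CIMV2")

' Obtain the instance of the class using its key property value.
strObjectPath = "Win32_NTEventlogFile.Name='" & strLogFile & "'"
Set objLogFile = objWMIService.Get(strObjectPath)

' Obtain an InParameters object specific to the method.
Set objInParam = objLogFile.Methods_("BackupEventlog"). _
    inParameters.SpawnInstance_()

' Add the input parameters.
objInParam.Properties_.Item("ArchiveFileName") = strArchive

' Execute the method and obtain the return status.
' The OutParameters object in objOutParams is created by the provider.
Set objOutParams = objWMIService.ExecMethod(strObjectPath, "BackupEventlog", objInParam)

' List OutParams
WScript.Echo "Out Parameters: "
WScript.Echo "ReturnValue: " & objOutParams.ReturnValue

' 0 means success; anything else means no usable archive was written.
If objOutParams.ReturnValue <> 0 Then
    WScript.Echo "Backup of " & strLogFile & " failed."
    WScript.Quit 1
End If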
==============================
Backup System Event Log
==============================
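' Back up the System event log to an .evtx archive through WMI
' (Win32_NTEventlogFile.BackupEventlog).
'
' Fixes over the original listing:
'   * typographic quotes replaced with plain " and ' so the script parses;
'   * the required ArchiveFileName input parameter is now set;
'   * the Backup privilege is requested in the moniker, which the
'     BackupEventlog method needs;
'   * a non-zero return value is reported as a failure.
'
' Run from an elevated prompt with: cscript //nologo <script>.vbs
strComputer = "."

' Source log file (the WMI key of the Win32_NTEventlogFile instance).
strLogFile = "C:\Windows\System32\Winevt\Logs\System.evtx"

' Destination archive. SAMPLE VALUE (constructed) - change it to a folder
' that exists and whose ACL is restricted to administrators/backup
' operators: event logs can contain account names, host names and service
' details, and a copy outside the default log directory does not inherit
' the protections of that directory.
' NOTE(review): BackupEventlog is expected to fail rather than overwrite if
' the archive already exists - use a unique (e.g. dated) file name per run.
strArchive = "C:\EventLogBackups\System-backup.evtx"

' (Backup) enables the backup privilege for this WMI connection.
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & strComputer & "\root\CIMV2")

' Obtain the instance of the class using its key property value.
strObjectPath = "Win32_NTEventlogFile.Name='" & strLogFile & "'"
Set objLogFile = objWMIService.Get(strObjectPath)

' Obtain an InParameters object specific to the method.
Set objInParam = objLogFile.Methods_("BackupEventlog"). _
    inParameters.SpawnInstance_()

' Add the input parameters.
objInParam.Properties_.Item("ArchiveFileName") = strArchive

' Execute the method and obtain the return status.
' The OutParameters object in objOutParams is created by the provider.
Set objOutParams = objWMIService.ExecMethod(strObjectPath, "BackupEventlog", objInParam)

' List OutParams
WScript.Echo "Out Parameters: "
WScript.Echo "ReturnValue: " & objOutParams.ReturnValue

' 0 means success; anything else means no usable archive was written.
If objOutParams.ReturnValue <> 0 Then
    WScript.Echo "Backup of " & strLogFile & " failed."
    WScript.Quit 1
End If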