Backing up and/or clearing event logs can be scheduled to run at specified intervals; results are always logged to the event log. Alerts can also be triggered when an event log is full.
If you encounter problems when backing up and clearing the event logs, please see KB article 21 for a solution to common problems.
The screenshot below shows an existing schedule that backs up the Application event log every Monday at 5am. The event log is not cleared, and the results are logged to the event log.
To add a new schedule, click the + button next to the schedule list; to edit an existing entry, simply double-click the entry:
Event Log
Either select the event log to back up/clear from the pull-down menu or specify the log name manually. To back up all event logs on the computer, specify the "All Event Logs" option.
Date & Time
Schedules the backup/clearing to run on certain weekdays, on certain days of the month, or both.
Backup
Specifying a file name in the "File" section will cause the "Backup Event Log" check box to be automatically checked; the event log will be backed up to the specified file. We recommend that you use the .evtx extension for the file name to avoid confusion. The following case-sensitive variables are supported in the file names: $HOSTNAME, $LOG, $DAY, $MONTH, $YEAR, $HOUR and $MINUTE.
Clear Event Log
Checking the "Clear Event Log" check box will clear an event log. The event log may be cleared after it has been backed up (if you specified a file name), or it may be cleared without being backed up.
Compress
Since event log backup files can be rather large (depending on the size of your event log) and compress well, you can automatically compress them with EventSentry. Compressed files will have the same name as the backup file with the .zip extension appended to them. For example, if the event log backup file name is SRV01_Security_20070808.evt then the name of the archive will be SRV01_Security_20070808.evt.zip.
Checking this box will automatically compress the event log backup file after it has been backed up, and the uncompressed version will be deleted. The size of compressed event log backup files is usually only about 20% (or less) of their original file size.
Since event log backup files are compressed with the ZIP algorithm, they can be extracted/uncompressed with all major compression software, such as 7-Zip.
Log Action(s) to Event Log
To log a history of all backup and clear actions to the event log, activate the "Log action(s) to event log" checkbox. See Event Logs for all possible event log records logged by this feature.
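The file-name variables under Backup and the .zip naming rule under Compress are enough to check, from outside the product, that every scheduled run left a readable archive, which matters most when the schedule also clears the log. The following is an added example, not EventSentry code: the function names, the zero-padded date fields and the sample template are assumptions, and the archives are constructed in memory.

```python
import datetime
import io
import re
import zipfile

# The seven case-sensitive variables the page lists for backup file names.
SUPPORTED = ("HOSTNAME", "LOG", "DAY", "MONTH", "YEAR", "HOUR", "MINUTE")

def expand(template, hostname, log, when):
    """Expand a file-name template. Zero-padded date fields are an assumption."""
    values = {"HOSTNAME": hostname, "LOG": log,
              "DAY": f"{when:%d}", "MONTH": f"{when:%m}", "YEAR": f"{when:%Y}",
              "HOUR": f"{when:%H}", "MINUTE": f"{when:%M}"}
    return re.sub(r"\$(" + "|".join(SUPPORTED) + r")",
                  lambda m: values[m.group(1)], template)

def unsupported_tokens(template):
    """Tokens such as $hostname that are not one of the supported variables."""
    names = "|".join(SUPPORTED)
    return re.findall(r"\$(?!(?:" + names + r"))[A-Za-z]+", template)

def check_archive(data):
    """Return the problems found in one compressed backup, given as bytes."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if not zf.namelist():
                return ["archive is empty"]
            bad = zf.testzip()  # re-reads every member and verifies its CRC-32
            return [f"CRC mismatch in {bad}"] if bad else []
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]

def audit(template, hostname, log, runs, store):
    """Map each expected archive name to its problems; store is {name: bytes}."""
    report = {}
    for when in runs:
        name = expand(template, hostname, log, when) + ".zip"  # .zip is appended
        report[name] = check_archive(store[name]) if name in store else ["missing"]
    return report

def demo():
    """Constructed data: three Monday 5am runs; one good, one truncated, one absent."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("SRV01_Application_20070806.evtx", b"constructed sample" * 50)
    good = buf.getvalue()
    store = {"SRV01_Application_20070806.evtx.zip": good,
             "SRV01_Application_20070813.evtx.zip": good[:len(good) // 2]}
    runs = [datetime.datetime(2007, 8, d, 5, 0) for d in (6, 13, 20)]
    return audit("$HOSTNAME_$LOG_$YEAR$MONTH$DAY.evtx", "SRV01", "Application", runs, store)
```

In practice `store` would be filled by reading the files in the backup directory, and `unsupported_tokens` would be run on the template before it is saved in a schedule.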