Backing Up Event Log Files

by Jan 24, 2011

WMI provides a method to backup event log files as *.evt/*.evtx files. The code below creates backups of all available event logs:

Get-WmiObject Win32_NTEventLogFile |
ForEach-Object {
$filename = “$home\” + $_.LogfileName + ‘.evtx’
del $filename -ErrorAction SilentlyContinue

By the way, you can read in the *.evt/*.evtx files created by this approach using Get-WinEvent -Path.

