WMI BackupEventLog Error

[Marty Henderson]

I'm attempting to backup event logs of all AD domain servers to a network
share. The BackupEventLog WMI method returns and error of 5 for all but one
node. I've tried this on two domains with the same results. The MSDN library
documents the following return values.....

0 Success
8 Privilege missing
21 Invalid parameter
183 Archive file name already exists


....but nothing about a 5. Is this a bug? Or something I may be doing? Here
is a code snippet.....

Set LogFileSet =
GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" &
strComputer)_
.ExecQuery("select * from Win32_NTEventLogFile where LogfileName='" &
strEVTtype & "'")

For Each objLogfile in LogFileSet

intRet = objLogFile.BackupEventLog(cLogTarget & "\" &
strBackupName)

If intRet <> 0 Then

strErrMsg = "Fatal Save-Clear_Events.vbs error in " &_
"Function CopyEVT(). " &_
"Failure attempting to backup the " &_
strEVTtype & " log on node " &_
strComputer & "..." & intRet

WshShell.LogEvent 2, strErrMsg

End If

Next

Where strComputer is the simple name of a server and strEVTtype is an event
log, such as
Application.

Any help is appreciated,
Marty

 

[name]

"...but nothing about a 5."

Used to be "binary" in a sense that could be comprehended along the line of

1
2
4
8
16
32
64
128
256

But there seems to be another layer of MS screw in scripting now that had
been introduced.

==========

May be from the land of the origin of numbers and cuneiform they got a lease
on
Mesopotamian weapons of mass destruction, "copying" the resources.

HaHaHa !

=============

I am only a fish in water for the rest of my time.

Blow it all up or not. But settle that planet with those two bloodlines of
you capacity soon, and stay away.

 

[Marty Henderson]

My point is this: It consistently returns 5. The method doc in MSDN does not
report what 5 is. Any Microsoft people have input?

Marty

 

[Marty Henderson]

The same thing happens on a W2K Server SP3 network, and a Sever 2003 domain
(where all DC's & member servers are 2003).

Marty

 

[name]

"183 Archive file name already exists"


Apply a few math rules to the integer, and you will not get a documented
"follow upper" easily.


Sorry !

 

[Venus Millo]

The description qualifier for this method says this:

"Saves the specified event log to a backup file. The method returns an
integer value that can be interpretted as follows:
0 - Successful completion.
8 - The user does not have adequate privileges.
21 - Invalid parameter.
183 - Archive file name already exists. Cannot create file.
Other - For integer values other than those listed above, refer to Win32
error code documentation."

Sometimes WMI just returns the last error given by the API. In this case the
API is BackupEventLog and 5 might be "Access denied".

To debug access denied issues, enable audit on the target, run the script
and then look in Security log.

HTH
Ven