Overview

There may be times when Netlogon debug logging is required over a prolonged period and every entry must be saved.  The standard size of Netlogon.log is 20 MB, after which it rolls over to a 20 MB Netlogon.bak file.  On a busy server, this can result in a rollover time of an hour or less.  One option is to increase the size of the log, but that results in text files that take longer to parse.

The sample script below does the following:

  • Monitors for changes to the netlogon.bak file [configurable interval]
  • When a change is detected, it will compress the file, and name the .zip to be a combination of the server name and timestamp
    • If the change was on server1 on 6/1/2012 at 1:30pm, the file is named:
      SERVER1 netlogon 2012-6-1 H13 M30 S0.zip
  • The location of the zip file is configurable

Script Limitations

  • Must be run directly on each server
  • Does not recover from a reboot
  • Has no error handling

This script can be enhanced or modified to suit other logs and other purposes.

DISCLAIMER: This sample script is provided AS-IS with no warranties and confers no rights.

Sample PowerShell Code

 

################################################################
#SCRIPT TITLE  Netlogon archival
#AUTHOR   Joji Oshima - Microsoft Corporation
#VERSION   1.0
################################################################

# Configuration Section
$loglocation  = "c:\windows\debug\netlogon.bak"  #location of the netlogon.bak file
$ziplocation = "c:\temp\"                                          #location you want the zip files
$interval  = 15                                                           #seconds between checks

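# Functions

# New-Zip: creates an empty zip archive by writing the empty-archive marker
# ("PK", 0x05, 0x06, followed by 18 zero bytes) and clearing the read-only flag
function New-Zip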
{
 param([string]$zipfilename)
 set-content $zipfilename ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
 (dir $zipfilename).IsReadOnly = $false
}

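# Add-Zip: copies each file received from the pipeline into the zip archive
# through the Windows Shell COM object, creating the archive first if needed
function Add-Zip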
{
 param([string]$zipfilename)

 if(-not (test-path($zipfilename)))
 {
  set-content $zipfilename ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
  (dir $zipfilename).IsReadOnly = $false 
 }
 
 $shellApplication = new-object -com shell.application
 $zipPackage = $shellApplication.NameSpace($zipfilename)
 
 foreach($file in $input)
 {
  # CopyHere returns before the copy has finished; the pause gives the shell time to start working
  $zipPackage.CopyHere($file.FullName)
  Start-sleep -milliseconds 500
 }
}

# Program Start
$last    = (get-item $loglocation).lastwritetime
$computer  = gc env:computername

# Loop until you cancel
do
{
 $latest  = (get-item $loglocation).lastwritetime
 $now  = get-date
 cls
 Write-Host "`n"
 Write-Host " WARNING: This script sample is provided AS-IS with no warranties and confers no rights." -ForegroundColor Yellow
 Write-Host "          This script sample is NOT intended for production use." -ForegroundColor Yellow
 Write-Host "          There is NO error handling and is not ready for mission-critical work." -ForegroundColor Yellow
 Write-Host "`n This script sample will attempt to archive the netlogon debug logs`n"
 Write-Host "`n Press CTRL-C to stop the script.`n" -ForegroundColor Yellow
 Write-Host " Last Checked: $now" -ForegroundColor Green
 $now = $now.AddSeconds($interval)
 Write-Host " Next Check:   $now" -ForegroundColor Green
 
 Write-Host " ---------------------------------" -ForegroundColor Green
 if ($last -eq $latest)
 {
  Write-Host " No change`n" -ForegroundColor Green
  $latest
  $last
 }
 else
 {
  Write-Host " Change detected! Archiving $loglocation`n" -ForegroundColor Yellow
  $latest
  $last
  $last  = $latest
  $year  = $latest.Year
  $month  = $latest.Month
  $day  = $latest.Day
  $hour  = $latest.Hour
  $minute = $latest.Minute
  $second = $latest.Second
  
  new-zip $ziplocation"$computer netlogon $year-$month-$day H$hour M$minute S$second.zip"
  dir $loglocation | add-zip $ziplocation"$computer netlogon $year-$month-$day H$hour M$minute S$second.zip"
 }
 
 Start-Sleep -s $interval
} until ($last -eq 0)

################################################################
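
The variant below is an added example, not part of the original sample or the author's code. It addresses two of the limitations listed above (no error handling, no recovery from a reboot) and records a SHA-256 hash of each archive. It assumes PowerShell 5.0 or later for Compress-Archive; the state file name and the function name Save-NetlogonBackup are hypothetical.

```powershell
# Added example: archival step with error handling and a persisted state file.
# Assumptions: PowerShell 5.0+, the same paths as the sample above, and a
# hypothetical state file name. Adjust all of these to your environment.
$LogLocation = 'C:\Windows\debug\netlogon.bak'
$ZipLocation = 'C:\temp'
$StateFile   = Join-Path $ZipLocation 'netlogon-archive.state'
$Interval    = 15   # seconds between checks

function Save-NetlogonBackup {
    param([string]$Path, [string]$Destination, [string]$StatePath)

    $item  = Get-Item -LiteralPath $Path -ErrorAction Stop
    $stamp = $item.LastWriteTimeUtc.ToString('o')

    # Reboot recovery: the last archived rollover is kept on disk, so a
    # restarted script does not re-archive it and does not skip a newer one.
    if ((Test-Path -LiteralPath $StatePath) -and
        ((Get-Content -LiteralPath $StatePath -TotalCount 1) -eq $stamp)) {
        return $null
    }

    # Zero-padded variant of the sample's naming scheme, so names sort by time.
    $name = '{0} netlogon {1:yyyy-MM-dd} H{1:HH} M{1:mm} S{1:ss}.zip' -f `
            $env:COMPUTERNAME, $item.LastWriteTime
    $zip  = Join-Path $Destination $name

    Compress-Archive -LiteralPath $Path -DestinationPath $zip -ErrorAction Stop
    $hash = (Get-FileHash -LiteralPath $zip -Algorithm SHA256).Hash

    # State is written only after the archive exists, so a failed attempt
    # is retried on the next pass instead of being silently lost.
    Set-Content -LiteralPath $StatePath -Value $stamp
    [pscustomobject]@{ Archive = $zip; SHA256 = $hash; Rollover = $stamp }
}

# Loop until cancelled with CTRL-C
while ($true) {
    try {
        $result = Save-NetlogonBackup -Path $LogLocation `
                  -Destination $ZipLocation -StatePath $StateFile
        if ($result) { $result | Format-List }
    }
    catch {
        # A missing or locked netlogon.bak, or a full disk, lands here.
        Write-Warning "Archive attempt failed: $($_.Exception.Message)"
    }
    Start-Sleep -Seconds $Interval
}
```

Unlike the original sample, this variant also archives a netlogon.bak that already exists when it is first started, because no state file has been written yet.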

Acknowledgements & Links

The zipping functionality of this script was taken from David Aiken's MSDN Blog.

Compress Files with Windows PowerShell then package a Windows Vista Sidebar Gadget
http://blogs.msdn.com/b/daiken/archive/2007/02/12/compress-files-with-windows-powershell-then-package-a-windows-vista-sidebar-gadget.aspx 

Enabling Netlogon Debug Logging
http://support.microsoft.com/kb/109626