@echo off
@cls
::Originally written by the user wesil on spiceworks.com
::Modified by Rectifier 06-30-2012
::This batch requires you to download the sysinternals (microsoft) utility psloglist
::Try http://technet.microsoft.com/en-us/sysinternals or google psloglist
 
::Tested on a local machine using psloglist.exe version 2.71 on Windows 7 x64 Home Premium
::Use the ping command to wait from XP onward, timeout works for server 2k3
::The -g switch only works after the -c switch; this saves the log to file and clears it
 
::You can change the file extension from evt (older) to evtx (newer) and vice versa
 
::Change pstooldir to where psloglist.exe is located
set pstooldir=C:\PSTools
cd /d %pstooldir%
::Error handling
if not exist psloglist.exe goto ERR0
if not exist "Event Logs" md "Event Logs"
if not exist "Event Logs" goto ERR1
::Change logdir to where you want to save the event logs
set logdir=C:\Event Logs
::Template command for saving an event log:
::psloglist.exe -s -c -g "yourdir\filename %date:~4,2%-%date:~7,2%-%date:~10,4%.extension" "log name"
::Saved files appear as "filename MM-DD-YYYY.extension" without quotations
 
::Exports to file and then clears the following event logs
psloglist.exe -s -c -g "%logdir%\Security %date:~4,2%-%date:~7,2%-%date:~10,4%.evtx" Security
psloglist.exe -s -c -g "%logdir%\Application %date:~4,2%-%date:~7,2%-%date:~10,4%.evtx" Application
psloglist.exe -s -c -g "%logdir%\System %date:~4,2%-%date:~7,2%-%date:~10,4%.evtx" System
psloglist.exe -s -c -g "%logdir%\Internet Explorer %date:~4,2%-%date:~7,2%-%date:~10,4%.evtx" "Internet Explorer"
goto end
 
:ERR0
echo. & echo.
echo psloglist.exe not found !
ping 127.0.0.1 -n 2 >nul
goto emd
 
:ERR1
echo. & echo.
echo Can't create folder "Event Logs"
ping 127.0.0.1 -n 2 >nul
goto end
 
:end
::Uncomment the pause to view the output before ending the batch file
::pause
exit /b