PowerShell Get-Eventlog Remote Computer
Introduction to Scripting Eventlog on a Remote Computer
Remoting is the biggest single improvement to Windows PowerShell v 2.0. Here on this page we will see how it's possible to apply the -ComputerName parameter to eventlog files, and thus view errors on a network computer.
PowerShell Eventlog Topics
My learning progression is to get a basic example working on the local machine and then adapt the script to interrogate a remote computer.
# PowerShell script to list the event logs on the local computer
Here is a modification of Example 1 which makes the script ready-to-run on a remote computer.
# PowerShell script to list the event logs on a remote computer
Note 1: Please change "OtherMachine" to a computer name on your network.
Note 2: Microsoft have added remoting capabilities to PowerShell v2.0, which you access via the -ComputerName parameter.
Troubleshooting Remoting: If the script works on your local machine, but not the network computer, see how to troubleshoot.
LEM will alert you to problems such as when a key application on a particular server is unavailable. It can also detect when services have stopped, or if there is a network latency problem. Perhaps this log and event management tool's most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a maleware attack.
Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA. LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches - give LEM a whirl.
PowerShell's Get-Eventlog is tricky to operate. What makes it easier is focussing on the parameters, especially -Logname and for remoting, -ComputerName. Once you get the basics working there is a wealth of techniques and properties you can apply to this most versatile cmdlet.
Scenario: You need to investigate a particular
# PowerShell Remote EventLog example with specific EventID
Note 3: Please change -lt to -eq, and '100' to the EventID you are researching.
Note 4: The above script is ready for remoting, just change the value of $Machine variable.
SolarWinds' Network Performance Monitor will help you discover what's happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
What I like best is the way NPM suggests solutions to network problems. Its also has the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.
Check the basic connectivity to the other machine:
Note 5: You can run the first 3 commands from within PowerShell.
Remote PowerShell Commands to Try
# PowerShell script to enumerate the eventlogs on another computer
Experiment with WMI
One benefit of choosing this WMI class is that you can use the -Credential parameter.
Note 6: You are amassing clues about what's working and what's not.
In desperation I would create a remote session, and then run the Get-Eventlog commands as though I was a console user typing in PowerShell.
# Create a Remote Session.
Note 7: Once again, you probably need the -Credential
information; at least Enter-PSSession supports this useful connection
Encouraging computers to sleep when they're not in use is a great idea - until you are away from your desk and need a file on that remote sleeping machine!
WOL also has business uses for example, rousing machines so that they can have update patches applied. My real reason for recommending you download this free tool is because it's so much fun sending those 'Magic Packets'. Give WOL a try - it's free.
Further Research on PowerShell Get-Eventlog
To get the most out of Get-Eventlog even experts turn to the trusty PowerShell techniques of Get-Help and Get-Member. Once you understand the basics, there is huge enjoyment and satisfaction in getting the right script for the right job.
Research Get-Eventlog Parameters
# PowerShell's Get-Eventlog Parameters
Checking with Microsoft's help file will reveal useful parameters. Always remember to define the log with -logfile. I particularly like the -Newest, but for detailed research -before or -After maybe more useful.
Research Get-Eventlog Properties
# PowerShell Get-Eventlog Properties
When you define the output with Format-Table or Out-File, it makes life easier if you can choose just the relevant properties, for example, Source, TimeWritten and Message.
Researching Similar PowerShell Cmdlets
# PowerShell Get-Eventlog Cmdlet Research
The main result is to realize there is a sister command Write-Eventlog, you could also Clear-Eventlog.
Remoting is the biggest improvement in PowerShell v 2.0. On this page we have seen the importance of the -ComputerName parameter for interrogating eventlog files. As a bonus we have experimented with listing EventIDs on both local and remote computers.
If you like this page then please share it with your friends
See more PowerShell examples to read, write and list Windows event logs
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.