none
Get-EventLog and remote computers

    General discussion

  • Hello,

    I am just wondering does anyone manage to get event logs from remote computer with Get-EventLog?
    Here is what I get:

    PS Get-EventLog -LogName Application -computer mycomp
    Get-EventLog : The network path was not found.
    At line:1 char:13
    + Get-EventLog <<<<  -LogName Application -computer mycomp
        + CategoryInfo          : NotSpecified: (:) [Get-EventLog], IOException
        + FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.GetEventLogCommand

    Here is PS version I am running

    Name                           Value
    ----                           -----
    CLRVersion                     2.0.50727.4952
    BuildVersion                   6.1.7600.16385
    PSVersion                      2.0
    WSManStackVersion              2.0
    PSCompatibleVersions           {1.0, 2.0}
    SerializationVersion           1.1.0.1
    PSRemotingProtocolVersion      2.1

    Thanks is advance.

    Friday, August 13, 2010 9:12 AM

All replies

  • What happens if you simply try:

    PS> ping mycomp

    You may want to also try an IP address if you're not able to resolve the short name.

    Friday, August 13, 2010 10:10 AM
    Moderator
  • Hi Marco,

    Thank you for prompt answer.
    I think I know what was problem. When I tried this command I did it first on my computer and everything was ok. Then I tried on colleagues comp, which is Win 7 and it failed. I tried againg on another comp (Win 7 also) and it fails again.
    As soon as I tried on XP or 2k3, 2k8 comp it works perfectly.

    I have no idea why it does not work on Win 7.

    If someone need scrip for checking errors in EventLog on remote computers here it is (it sends report in Excel file).
    Of course you can edit for Log type (App, System, Security).

    #Format Excel sheet

    $objExcel = New-Object -comobject Excel.Application
    $objExcel.visible = $True
    $objWorkbook = $objExcel.Workbooks.Add()
    $objSheet = $objWorkbook.Worksheets.Item(1)
    $objSheet.Cells.Item(1,1) = "Server"
    $objSheet.Cells.Item(1,2) = "LogName"
    $objSheetFormat = $objSheet.UsedRange
    $objSheetFormat.Interior.ColorIndex = 19
    $objSheetFormat.Font.ColorIndex = 11
    $objSheetFormat.Font.Bold = $True

    $row = 1

    $servers = gc servers.txt

    foreach ($server in $servers)
    {
    $row = $row + 1
    $objSheet.Cells.Item($row,1).Font.Bold = $True
    $objSheet.Cells.Item($row,1) = $server
    $AppLog = Get-EventLog -LogName Application -EntryType Error -computer $server -Newest 10
    $row = $row + 1
    $objSheet.Cells.Item($row,1).Font.Bold = $True
    $objSheet.Cells.Item($row,2) = 'Application'
    foreach ($AppEvent in $AppLog)
    {
    $row = $row + 1
    $objSheet.Cells.Item($row,3) = $AppEvent.TimeGenerated
    $objSheet.Cells.Item($row,4) = $AppEvent.Source
    $objSheet.Cells.Item($row,5) = $AppEvent.Message
    }
    }

    $objSheetFormat = $objSheet.UsedRange
    $objSheetFormat.EntireColumn.AutoFit()
    $objSheetFormat.RowHeight = 15

    Friday, August 13, 2010 11:03 AM
  • The command works fine for me on Windows 7. You might want to look at your firewall settings and see if your query is being blocked. And you did verify that you could ping the Win 7 computer per Marco's request?
    Friday, August 13, 2010 11:11 AM
  • Hi Boe,

    Yes I did verify ping (these two pc with Win 7 seats beside me) I also tried admin share C$ and everything works fine. Firewall is disabled by GPO so I gues this is not a problem, I checked it is turned off for Domain profile on both computers.

    Thans for your help.

    Friday, August 13, 2010 11:47 AM
  • Hi,

    Great script!

    How do I add both System and Security EventLogs to this script also?

     

    Thursday, August 19, 2010 5:23 AM
  • Hi,

    Great script!

    How do I add both System and Security EventLogs to this script also?

     


    Check this link out:

    http://social.technet.microsoft.com/Forums/en-US/ITCG/thread/06468cd6-698e-47d7-ac16-cbc070b43482/#757a0231-9b95-4469-8afb-1c20e8189ac2

    Friday, August 20, 2010 2:01 AM
  • Make sure that Remote Registry service is running on the remote computer.
    Wednesday, October 6, 2010 6:50 AM
  • I can confirm starting the Remote Registry Service was disabled on my (last) W7 Computer - after starting the Service get-eventlog -Computer W7Computer it worked

    cheers

    Friday, October 12, 2012 6:35 PM
  • Enable Remote Registry service on remote server/machine. :)

    yash

    Thursday, June 11, 2015 8:23 AM