IT Pro

PowerShell Export remote PC event logs to local PC

3 Min Read

PowerShell Export remote PC event logs to local PC.

1. Open Powershell ISE with an account that has local admin access to remote PCs.

NOTE: You also need to have the Sysinternals Tools installed and be able to call psloglist with a prior reference to its path pre-defined:

Set-Alias psloglist c:\windows\system32\psloglist.exe

2. Function calls for remote System Event logs;

Replace the REMOTE-PCNAME with the NetBIOS name of the PC you want to connect to and extract the logs from. The “start notepad” command should then open the log file on your PC to review. Also, you can change the last string or even delete it if you use another tool for logs. (as an example Cmtrace or Notepad++)

function GetSysEventLogs
{ 
         $currDate = get-date -format MMddyyyy 
         $getDayDuration = Read-Host "Please enter the number of days of logs to extract" 
         psloglist \\REMOTE-PCNAME -d $getDayDuration -s system > c:\logs\REMOTE-PCNAME-sysevtlogs-$currDate.txt 
         Write-Host "Event logs saved to c:\logs\REMOTE-PCNAME-sysevtlogs-$currDate.txt" 
         start notepad c:\logs\REMOTE-PCNAME-sysevtlogs-$currDate.txt

}

3. Function calls for remote Application Event logs;

function GetAppEventLogs

{ 
         $currDate = get-date -format MMddyyyy 
         $getDayDuration = Read-Host "Please enter the number of days of logs to extract" 
         psloglist \\REMOTE-PCNAME -d $getDayDuration -s application > c:\logs\REMOTE-PCNAME-appevtlogs-$currDate.txt 
         Write-Host "Event logs saved to c:\logs\REMOTE-PCNAME-appevtlogs-$currDate.txt" 
         start notepad c:\logs\REMOTE-PCNAME-appevtlogs-$currDate.txt

}

4. Function calls for remote Security Event logs;

function GetSecEventLogs
{ 
         $currDate = get-date -format MMddyyyy 
         $getDayDuration = Read-Host "Please enter the number of days of logs to extract" 
         psloglist \\REMOTE-PCNAME -d $getDayDuration -s security > c:\logs\REMOTE-PCNAME-secevtlogs-$currDate.txt 
         Write-Host "Event logs saved to c:\logs\REMOTE-PCNAME-secevtlogs-$currDate.txt" 
         start notepad c:\logs\REMOTE-PCNAME-secevtlogs-$currDate.txt

}

Steps that this script do:
1) Prompt you for how many days of logs you want to extract out
2) Connect to the remote machine
3) Export the specific log to a *.TXT file
4) Copy the log back to your computer into c:\logs\
5) Open the file in Notepad

TAGGED:
Previous Article DPM Delete a specific Recovery Point
Next Article Power BI Desktop June 2019 Update
Leave a Comment

Translation

English中文(简体)DanskNederlandsFrançaisDeutschItaliano한국어PolskiPortuguêsRomânăEspañolУкраїнська
by Transposh - translation plugin for wordpress

Popular Posts

System Requirements for Windows Server 2016
Windows Server
Configuration Manager Query Collection List
Configuration Manager Query Collection List
ConfigMgr
Structured/Managed Navigation enabled on Modern Pages in Classic Team Sites
Tech
SCCM Failed to get DP locations as the expected version from MP
ConfigMgr

Recent Posts

Installing and Configuring Fail2ban for SSH Protection on Ubuntu 24.04
Linux
Enabling and Configuring FirewallD on AlmaLinux
Linux
User Creation and SSH Key Setup in AlmaLinux
Linux
How to reset password on AlmaLinux
Linux