Problem
You want to access event log entries from a remote machine.
Solution
To access event logs on a remote machine, create a new System.Diagnostics. EventLog class with the log name and computer name. Then access its Entries property:
PS >$log = NewObject Diagnostics.EventLog "System","LEEDESK" PS >$log.Entries | GroupObject Source
Count Name Group
91 Print {LEEDESK, LEEDESK, LEEDESK, LEEDESK... 640 TermServDevices {LEEDESK, LEEDESK, LEEDESK, LEEDESK... 148 W32Time {LEEDESK, LEEDESK, LEEDESK, LEEDESK... 100 WMPNetworkSvc {LEEDESK, LEEDESK, LEEDESK, LEEDESK... 856 Service Control Manager {LEEDESK, LEEDESK, LEEDESK, LEEDESK... 123 Tcpip {LEEDESK, LEEDESK, LEEDESK, LEEDESK...
(...)
Discussion
The solution demonstrates one way to get access to event logs on a remote machine. In addition to retrieving the event log entries, the System.Diagnostics.EventLog class also lets you perform other operations on remote computers, such as creating event logs, removing event logs, writing event log entries, and more.
The System.Diagnostics.EventLog class supports this through additional parameters to the methods that manage event logs. For example, to get the event logs from a remote machine:
[Diagnostics.EventLog]::GetEventLogs("LEEDESK")
To create an event log or event source on a remote machine:
$newLog =
NewObject Diagnostics.EventSourceCreationData "PowerShellCookbook","ScriptEvents" $newLog.MachineName = "LEEDESK" [Diagnostics.EventLog]::CreateEventSource($newLog)
To write entries to an event log on a remote machine:
$log = NewObject Diagnostics.EventLog "ScriptEvents","LEEDESK" $log.Source = "PowerShellCookbook" $log.WriteEntry("Test event from a remote machine.")
