Powershell Get-EventLog from computers.txt and save data

Question

I have some problems getting EventLog and save data. I am able to get my EventLogs but not logs from network computers.

Here is the code I am running:

$logFileName = "Application" 
$path = $MyInvocation.MyCommand.Path +"\Output\" 
$path = $PSScriptRoot+"\Output\"

new-item $path -ItemType directory

$array = ("System", "Security")

$file = $PSScriptRoot +"\computers.txt"


$users = ForEach ($machine in $(Get-Content $file)) {

    $pathMachine = $path+$machine
    new-item $pathMachine -ItemType directory
    ForEach ($logFileName in $array){
        # do not edit


        $logFileName
        $exportFileName = (get-date -f yyyyMMdd) + "_" + $logFileName +  ".evt"
        $logFile = Get-WmiObject Win32_NTEventlogFile -ComputerName $machine | Where-Object {$_.logfilename -eq $logFileName}
        $logFile
        $exportFileName
        $pathMachine
        $temp = $pathMachine + "\"+ $exportFileName
        $temp
        $fff = $logFile.BackupEventLog($temp)

    }
}

Answer 1

I am working on some assumptions but maybe this will help.

When I Ran your Code I got

Get-Content : Cannot find path 'C:\computers.txt' because it does not exist.

I had to make the C:\computers.txt file, then I ran your code again and got this error.

Get-Content : Cannot find path 'C:\Output\computers.txt' because it does not exist.

I made that file in that location, then I ran your code again and I got the event log file. Maybe try creating these two missing files with a command like

Get-WmiObject Win32_NTEventlogFile -ComputerName $machine
mkdir C:\Output\$machine
$env:computername | Out-File -FilePath c:\Output\Computers.txt

You may also want to setup a Network share and output to that location so you can access the event logs from a single computer. Once the share is setup and the permissions just drop the unc path in.

Answer 2

This could e considered a duplicate of this.

Reading event log remotely with Get-EventLog in Powershell

# swapped from this command
get-eventlog -LogName System -computername <ServerName>

# to this
invoke-command {get-eventlog -LogName System} -ComputerName <ServerName>

Don't struggle with writing this from scratch. Well, unless it's a learning exercise. There are pre-built script for you to leverage as is and or tweak as needed.

Running commands on Remote host require using the Invoke cmdlet, and or an established PSRemoting session to that host.

Get Remote Event Logs With Powershell

Gather the remote event log information for one or more systems using wmi, alternate credentials, and multiple runspaces. Function supports custom timeout parameters in case of wmi problems and returns Event Log information for the specified number of past hours.

Download: Get-RemoteEventLogs.ps1

The script is too long (it's 100+ lines) to post here, but here in the Synopsis of it.

Function Get-RemoteEventLogs 
{ 
    <# 
    .SYNOPSIS 
       Retrieves event logs via WMI in multiple runspaces. 
    .DESCRIPTION 
       Retrieves event logs via WMI and, if needed, alternate credentials. This function utilizes multiple runspaces. 
    .PARAMETER ComputerName 
       Specifies the target computer or comptuers for data query. 
    .PARAMETER Hours 
       Gather event logs from the last number of hourse specified here. 
    .PARAMETER ThrottleLimit 
       Specifies the maximum number of systems to inventory simultaneously  
    .PARAMETER Timeout 
       Specifies the maximum time in second command can run in background before terminating this thread. 
    .PARAMETER ShowProgress 
       Show progress bar information 
    .EXAMPLE 
       PS > (Get-RemoteEventLogs).EventLogs 

       Description 
       ----------- 
       Lists all of the event logs found on the localhost in the last 24 hours. 

    .NOTES 
       Author: Zachary Loeber 
       Site: http://www.the-little-things.net/ 
       Requires: Powershell 2.0 

       Version History 
       1.0.0 - 08/28/2013 
        - Initial release 
    #> 

Or this one.

PowerShell To Get Event Log of local or Remote Computers in .csv file

This script is handy when you want to extract the eventlog from remote or local machine. It has multiple filters which will help to filter the data. You can filter by logname,event type, source etc. This also have facility to get the data based on date range. You can change th

Download : eventLogFromRemoteSystem.ps1

Again, too big to post here because the length is like the other one.