Reading event log remotely with Get-EventLog in Powershell

Reading event log remotely with Get-EventLog in Powershell

@Lars Truijenss suggestion solved my issue. But other suggestions are also important to check.

So, here is the checklist if you get this kind of error when you try to get log files remotely:

  • Disable or set firewall settings on both sides.
  • Enable Remote Desktop and Remote Assistance on client machine.
  • Can you ping to the client machine?
  • Run dir \dc1c$ to see that you are allowed to reach to the
    harddisk. (@Shay Levys suggestion)
  • Run Get-Service -ComputerName YOURCOMPUTERNAME to see that you are
    allowed to reach to the services. (@Shay Levys suggestion)
  • Start the Remote Registry service. (@Lars Truijenss suggestion and
    this made it work for me

Here is the screenshot of this solution:

Starting the RemoteRegistry service did not help in my case.

Apparently, there is a difference between the remoting that is accessed via the ComputerName parameter in some cmdlets such as Get-Service and the newer form of remoting accessed with cmdlets such as Invoke-Command.

Since traditional remote access is implemented by individual cmdlets,
it is inconsistent (uses different techniques and demands different
requirements) and available only in selected cmdlets. The technology
used for remote access can vary from cmdlet to cmdlet and is not
readily known to you. Each cmdlet uses whatever remoting technology
its author chose. Most cmdlets use Remote Procedure Call (RPC), but
might also require additional services and settings on the target

Beginning in Windows PowerShell 2.0, there is an alternate and more
universal way of accessing remote systems: Windows PowerShell
Remoting. With this type of remoting, Windows PowerShell handles
remote access for all commands. It transfers your commands to the
remote system using the relatively new and highly configurable WinRM
service, executes the code in a separate session that runs on the
remote system, and returns the results to the calling system.

When I swapped from this command

get-eventlog -LogName System -computername <ServerName>

to this

invoke-command {get-eventlog -LogName System} -ComputerName <ServerName>

I no longer got the following error

get-eventlog : The network path was not found.

Reading event log remotely with Get-EventLog in Powershell

Leave a Reply

Your email address will not be published. Required fields are marked *