Is there a way to search all the event-logs on a LAN for a specifc event?

Question

score 3 · Accepted Answer · answered Apr 30 '09 at 11:57

3

You could broadcast the Windows event log events to a syslog server using a tool like the Eventlog to Syslog Service utility or a software like EventLog Inspector.

answered Apr 30 '09 at 11:57

splattne

28,508
20
98
148

This is the way to go if you have more than a few machines. Centralize that data and searching! – Joe Doyle Apr 30 '09 at 15:14

score 0 · Answer 2 · answered Apr 30 '09 at 12:52

You can search the event log on remote machines with PowerShell, using System.Diagnostics.EventLog. Assuming the event you're looking for is in the System log...

# get a list of all server names, maybe from AD, we'll assume it's in a variable called $serverlist  
$eventIdToFind = "1234" # or whatever ID you're looking for
$logToSearch = "System"
foreach ($aServer in $serverlist) {  
  $theLog = New-Object System.Diagnostics.EventLog($logToSearch, $aServer)  
  $matchingEventList = $theLog.Entries | where { $_.EventId -eq $eventToFind }
  if ($null -ne $machingEventList -and $matchingEventList.Count -gt 0) {  
    "Event Found on $aServer" # or do something else with it here  
  }  
}

Is there a way to search all the event-logs on a LAN for a specifc event?

2 Answers2