I'm building a wrapper script for Get-Winevent to search multiple computers' event logs in parallel, using multiple search criteria.
I'm contructing a XML filter for Get-Winevent, then call this fairly simple workflow:
WorkFlow Get-ParallelEvent {
Param(
[string[]]$Computers,
[string]$FilterXml
)
#Query computers
ForEach -Parallel ($Computer in $Computers) {
If (Test-Connection $Computer -Count 1 -ErrorAction SilentlyContinue) {
Get-WinEvent -ComputerName $Computer -FilterXml $FilterXml -ErrorAction SilentlyContinue
}
}
}
But when I run the script, I get the error:
Could not find a parameter named 'ComputerName'. Remote connectivity in this command is handled by the 'PSComputerName' parameter.
However, I don't want to depend on PSRemoting (which is not enabled on all our servers), and Get-Winevent absolutely does support querying remote systems without resorting to PSRemoting.
After much trial and error I added a dummy ForEach-loop with just one iteration, using a variable that doesn't affect execution. That works as intended - PSRemoting is not required (I can use -ComputerName rather than -PSComputerName):
WorkFlow Get-ParallelEvent {
Param(
[string[]]$Computers,
[string]$FilterXml
)
#Query computers
@('dummy') | ForEach {
ForEach -Parallel ($Computer in $Computers) {
If (Test-Connection $Computer -Count 1 -ErrorAction SilentlyContinue) {
Get-WinEvent -ComputerName $Computer -FilterXml $FilterXml -ErrorAction SilentlyContinue
}
}
}
}
This shouldn't cause any overhead, so I can live with this fix. However, I'm very curious as to why Get-Winevent requires the use of PSRemoting in the original workflow, and why that changes by nesting the same code in a ForEach-loop.
Thanks.
