wevtutil Failed to export remote log

Question

I use:

wevtutil epl Application c:\logs\application.evtx

And export Envenlog. But when export a remote machine using:

wevtutil epl Application c:\logs\application.evtx /r:remote-machine

Don't work. I get and error. Failed to export log Application. Access is denied.

But my user is administrator in my current machine and remote-machine.

What's the problem?

score 2 · Accepted Answer · answered Sep 07 '17 at 11:03

Are you working with domain join servers or workgroups servers ? What is the result of the following commands ?

wevtutil epl /r:<remote_computer_name> /u:<target_computer_name>\<user_name> /p:<password>
wevtutil epl /r:<remote_computer_name> /u:<domain_name>\<user_name> /p:<password>

I also suggest to :

Connect to the administrative share (C$) of your target server from your source server using your administrator account and see if this is successful. If not, you may need to review your account rights
Check if you don't have any restrictions on your Event Viewer (per default there is no reason)
Check if account is not blocked or expired
Check your administrator(s) credentials if you are in a workgroup

On my side, I have tested your command in a domain and export was done without problems (see image below).

Sorry... I don't understand... but your code work and export and create the file in remote machine. — Victor Sanchez, Sep 07 '17 at 12:18

wevtutil Failed to export remote log

1 Answers1