在 Powershell 中使用 Get-EventLog 远程读取事件日志 [英] Reading event log remotely with Get-EventLog in Powershell
问题描述
我有一个 powershell 脚本,它在服务器(测试服务器)上运行并读取他的客户端(DC1)的日志文件.
I've a powershell script which runs on server(test-server) and reads the log file of his client(DC1).
- 双方可以互相ping通.
- 两边都禁用了防火墙.
在 DC1 上启用远程桌面和远程协助.
- Both sides can ping to each other.
- On both sides, firewalls are disabled.
Remote Desktop and Remote Assistance are enabled on DC1.
Get-EventLog System -ComputerName test-server -Source Microsoft-Windows-Winlogon # WORKS
Get-EventLog System -ComputerName DC1 -Source Microsoft-Windows-Winlogon # DOESN'T WORK
我在测试服务器上运行这个脚本.如您所见,当我在测试服务器上读取本地日志文件时,它工作正常,但如果我尝试远程读取 DC1 的日志文件,则会收到错误Get-EventLog:找不到网络路径.em>".
I run this script on test-server. As you see when I read the local log file on test-server it works fine but if I try to read the log file of DC1 remotely I get the error "Get-EventLog : The network path was not found.".
错误截图:
如何避免此错误并使用 Get-EventLog 从测试服务器读取 DC1 的日志文件?
How can I avoid this error and read the log file of DC1 from test-server with using Get-EventLog?
推荐答案
@Lars Truijens 的建议解决了我的问题.但检查其他建议也很重要.
@Lars Truijens's suggestion solved my issue. But other suggestions are also important to check.
因此,如果您在尝试远程获取日志文件时遇到此类错误,请查看以下清单:
So, here is the checklist if you get this kind of error when you try to get log files remotely:
- 禁用或设置双方的防火墙设置.
- 在客户端机器上启用远程桌面和远程协助.
- 您可以 ping 到客户端计算机吗?
- 运行
dir \\dc1\c$以查看您是否可以访问硬盘.(@Shay Levy 的建议) - 运行
Get-Service -ComputerName YOURCOMPUTERNAME以查看您是允许访问服务.(@Shay Levy 的建议) - 启动远程注册表服务.(@Lars Truijens 的建议和这使它对我有用)
- Disable or set firewall settings on both sides.
- Enable Remote Desktop and Remote Assistance on client machine.
- Can you ping to the client machine?
- Run
dir \\dc1\c$to see that you are allowed to reach to the harddisk. (@Shay Levy's suggestion) - Run
Get-Service -ComputerName YOURCOMPUTERNAMEto see that you are allowed to reach to the services. (@Shay Levy's suggestion) - Start the Remote Registry service. (@Lars Truijens's suggestion and this made it work for me)
这是此解决方案的屏幕截图:
Here is the screenshot of this solution:
这篇关于在 Powershell 中使用 Get-EventLog 远程读取事件日志的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
