I found the below script (Script to collect all event logs off a remote Windows 7 / Server 2008 machine | chentiangemalc) which basically grabs event logs off of a remote machine.
However, when run, it'll go through the process of trying to obtain these but shows the message
Failed to export log "LogName". The system cannot find the path specified
for each log.
Code:
@echo off
REM GetEventLogs.cmd by Malcolm McCaffery
SETLOCAL ENABLEDELAYEDEXPANSION
SET /P remotePC=Please type remote computer name or blank for local computer: 
IF "%remotePC%" EQU "" set remotePC=%computername%
REM change this to wherever you want to output the logs
SET OUTPUTDIR="D:\Temp\RemoteLogs\!remotePC!"
IF NOT EXIST %OUTPUTDIR% MD %OUTPUTDIR%
pushd "%OUTPUTDIR%"
echo Get ALL Event Logs on System
for /F "delims=\" %%i IN ('wevtutil el /r:%remotePC%') DO (
    echo Retrieving Log %%i
    for /F "tokens=1,2 delims=/" %%j IN ("%%i") DO (
        IF "%%k" EQU "" (
            SET OUTPUTFILE=%computername%-%%j.evtx
        ) ELSE (
            SET OUTPUTFILE=%computername%-%%j-%%k.evtx
        )
    )
    wevtutil epl "%%i" "!OUTPUTFILE!" /ow:true /r:%remotePC%
)
REM cleanup by deleting any empty event files...
for /R %%i IN (*.evtx) DO (
    echo Processing %%i
    REM if file is 69,632 bytes or less then delete it - don't want empty files
    IF %%~zi LEQ 69632 (
        echo empty event file...deleting...
        del "%%i" /q
    )
)
popd
echo.
echo Completed - events stored in %OUTPUTDIR%
pause
I'm running this as a domain administrator and the remote event log management exception is in place, and I have even tried disabling the firewall and rebooting, but it's still not playing ball.
I'm drawing a blank on a resolution from web searches so any ideas?
!remotePC! needs to be %remotePC% in the output path. [I think... I'm braindead today.]
Last edited by X-13; 25th February 2014 at 02:45 PM.
I know, but this was the source script. I wanted to get this working as intended before PSing it up.
The Output path works fine in the script. It's the actual wevtutil command that I'm getting this error with; however, this looks to be the output destination permissions that's the problem. I've since managed to get the command to run on a remote computer, storing them on its local disk and then opening this folder to end the script in order to obtain them.
Hello, I'm having the same issue noted in original post. I'm running out of ideas.
As a domain administrator with an elevated command prompt, I get the following:
Failed to export log "LogName". The system cannot find the path specified
Remote Registry service is running. As for firewall, it is controlled by GPO so I am unable to modify at the moment. The Win7 incoming firewall rules for Remote Event Log Management are not turned on so I "believe" this should not be blocking.
So I tried copying the script to the local machine and using PsExec to launch an elevated command prompt as system, and also tried with my domain admin account, and get the following:
Failed to open channel enumeration. Access is denied.
So now it creates the folder; however, it is empty because it is never able to export the logs. How did you get it to work in your scenario on the targeted remote machine?
Ended up creating a PowerShell script to do what I wanted. The following code will export the Application log to the specified location.
Code:
wevtutil export-log Application /r: C:\Windows\Temp\ /ow:True
Obviously replace 'Application' with 'System' respectively.
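The approach the posts above arrive at (export each log to the remote machine's own disk, then fetch the files), as an added example that is not part of the original thread or the original script. It assumes the target path given to wevtutil with /r is resolved on the remote computer and that the C$ administrative share is reachable; PC-EXAMPLE and D:\Temp\RemoteLogs are placeholder values.

```powershell
# Added example, not from the thread. PC-EXAMPLE and D:\Temp\RemoteLogs are placeholders.
param(
    [string]$RemotePC  = 'PC-EXAMPLE',
    [string]$RemoteDir = 'C:\Windows\Temp',        # path as the REMOTE machine sees it
    [string]$LocalDir  = 'D:\Temp\RemoteLogs'      # where the collected files end up
)

# The same remote folder as seen from this machine:
# C:\Windows\Temp -> \\PC-EXAMPLE\C$\Windows\Temp (assumes the C$ admin share is enabled)
$share = '\\' + $RemotePC + '\' + ($RemoteDir -replace '^([A-Za-z]):', '$1$$')

$dest = "$LocalDir\$RemotePC"
New-Item -ItemType Directory -Path $dest -Force | Out-Null

$failed = @()
foreach ($log in (wevtutil el "/r:$RemotePC")) {
    # Channel names such as Microsoft-Windows-.../Operational contain '/',
    # which is not valid in a file name.
    $file = ($log -replace '[\\/ ]', '-') + '.evtx'

    # Export to a path that exists on the remote machine, not on this one.
    wevtutil epl $log "$RemoteDir\$file" "/r:$RemotePC" /ow:true
    if ($LASTEXITCODE -ne 0) { $failed += $log; continue }

    # Pull the file back over the admin share, then remove the remote copy.
    Copy-Item -LiteralPath "$share\$file" -Destination "$dest\$RemotePC-$file"
    Remove-Item -LiteralPath "$share\$file"
}

if ($failed) { Write-Warning ('Not exported: ' + ($failed -join ', ')) }
```

Logs listed in the warning are the ones to check for channel permissions or an unreachable remote path.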
I'm completely new to this and was wondering if I could just export the logs from the local PC. I have the same script and pretty much lost... anyone wanna give me a quick tutorial??!