Grabbing remote event logs using wevtutil
I found the below script (Script to collect all event logs off a remote Windows 7 / Server 2008 machine | chentiangemalc) which basically grabs event logs off of a remote machine.
However, when run, it'll go through the process of trying to obtain these but shows the message

Failed to export log "LogName". The system cannot find the path specified

for each log.

@ECHO OFF
REM GetEventLogs.cmd by Malcolm McCaffery
REM delayed expansion is required so !OUTPUTFILE! is re-read on every loop pass
SETLOCAL ENABLEDELAYEDEXPANSION
SET /P remotePC=Please type remote computer name or blank for local computer:
IF "%remotePC%" EQU "" set remotePC=%computername%
REM change this to wherever you want to output the logs
REM (the SET line is missing from the post; this path is a placeholder)
SET OUTPUTDIR=C:\EventLogs\%remotePC%
IF NOT EXIST "%OUTPUTDIR%" MD "%OUTPUTDIR%"
REM work inside the output folder: the export uses relative file names
CD /D "%OUTPUTDIR%"
echo Get ALL Event Logs on System
for /F "delims=\" %%i IN ('wevtutil el /r:%remotePC%') DO (
    echo Retrieving Log %%i
    REM channel names such as A/B contain "/", which is not valid in a file name
    for /F "tokens=1,2 delims=/" %%j IN ("%%i") DO (
        IF "%%k" EQU "" (
            SET OUTPUTFILE=%%j.evtx
        ) ELSE (
            SET OUTPUTFILE=%%j-%%k.evtx
        )
    )
    wevtutil epl "%%i" "!OUTPUTFILE!" /ow:true /r:%remotePC%
)
REM cleanup by deleting any empty event files...
for /R %%i IN (*.evtx) DO (
    echo Processing %%i
    REM if file is 69,632 bytes or less then delete it - don't want empty files
    IF %%~zi LEQ 69632 (
        echo empty event file...deleting...
        del "%%i" /q
    )
)
echo Completed - events stored in %OUTPUTDIR%
I'm running this as a domain administrator and the remote event log management exception is in place, and I have even tried disabling the firewall and rebooting, but it's still not playing ball.
I'm drawing a blank on a resolution from web searches so any ideas?
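
An added example, not part of the original post or of the linked script: a PowerShell version of the same collection loop that exports each log into a directory on the remote computer and then pulls the file back over the administrative share. It assumes that wevtutil epl with /r creates the export file on the remote computer (so the target path has to exist there) and that the drive's admin share is reachable; the computer name and both directories are placeholders.

```powershell
# Added example. Assumption: with /r, "wevtutil epl" writes the export file on the
# REMOTE computer, so the export path must be valid there, not on this machine.
param(
    [string]$RemotePC  = 'REMOTE-PC-PLACEHOLDER',        # placeholder computer name
    [string]$RemoteDir = 'C:\Windows\Temp\EvtExport',    # placeholder, as seen by the remote machine
    [string]$LocalDir  = "$PWD\$RemotePC"                # where the logs end up locally
)

# The same remote directory reached from here through the admin share (C:\x -> \\host\C$\x)
$remoteUnc = '\\{0}\{1}' -f $RemotePC, ($RemoteDir -replace '^([A-Za-z]):', '$1$$')

# Create the staging directory on the remote side and the destination locally
New-Item -ItemType Directory -Force -Path $remoteUnc, $LocalDir | Out-Null

foreach ($log in (wevtutil el "/r:$RemotePC")) {
    # Channel names such as "Microsoft-Windows-Foo/Operational" are not valid file names
    $file = ($log -replace '[\\/]', '-') + '.evtx'

    # Export path is given in the remote machine's own terms (drive letter, not UNC)
    wevtutil epl $log "$RemoteDir\$file" /ow:true "/r:$RemotePC"
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export failed for '$log' (exit code $LASTEXITCODE)"
        continue
    }

    $staged = "$remoteUnc\$file"
    if ((Get-Item -LiteralPath $staged).Length -le 69632) {
        # Same threshold as the batch script: a file this small holds no events
        Remove-Item -LiteralPath $staged
    } else {
        Move-Item -LiteralPath $staged -Destination $LocalDir -Force
    }
}

Write-Host "Completed - events stored in $LocalDir"
```

If the exports succeed with a remote-side path but fail with a local one, the path resolution is the cause of the error rather than permissions or the firewall.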