Retrieving Event Log Entries from Remote Computers

One of the functions that BatchPatch provides is the ability to retrieve information from many target computers simultaneously. One of the most common sources of information that systems administrators need to access is the event log. So how does one use BatchPatch to obtain event log information from remote computers? See below.

  1. First, make sure the ‘Remote Registry’ service on the target computer is enabled and running. If it’s not already running, you can use BatchPatch to start it. The two commands that you would need to run are:

    WMIC SERVICE where (displayname='Remote Registry') CALL ChangeStartMode Manual

    WMIC SERVICE where (displayname='Remote Registry') CALL startservice

    If you’re not familiar with using BatchPatch to remotely execute commands, see the instructions at the following link. Use them together with the two commands listed above to enable and start the Remote Registry service on your target computers:
    Executing Remote Commands With BatchPatch
  2. Once you have the ‘Remote Registry’ service running on the target computers in question, you’re ready to retrieve event log information. Highlight your host(s) in the grid, and then select ‘Actions > Get information > Get event log entries > Settings/filters’.
  3. In the ‘Event Log Filters’ window, choose the desired settings. Note, the more logs we search, the longer the process will take, so it’s a good idea to search only as far back as you need to. You can optionally include or exclude particular types of events or specific event IDs. Once the desired filters are applied, click OK. For this example I am searching a max of 1000 entries over the past 24 hours.
  4. Now that the desired filters are set, let’s retrieve matching entries from the System log on the target computer(s). Highlight the host(s) and select ‘Actions > Get information > Get event log entries > System’. If you want to retrieve contents of the Application log or the Security log, you would simply choose the appropriate menu item. However, in this example I’m interested in retrieving only entries in the System log.
  5. That’s pretty much all there is to it! Wait for a moment until the query returns, and then you’ll be able to examine the entries that were found.
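Step 1 changes the Remote Registry start mode and starts the service on every target. The following PowerShell script is an added example, not part of BatchPatch or the original post: run it before step 1 to record each target's current start mode and state, then run it with `-Restore` after the logs are retrieved to put the service back as it was. It assumes CIM over WinRM is reachable on the targets and that you have administrative rights there; the host names and CSV path are constructed placeholders.

```powershell
# Added example: snapshot / restore the Remote Registry service around an event log pull.
# Assumptions: PowerShell 3.0+, CIM (WinRM) reachable on targets, admin rights.
# Host names and the CSV path are constructed placeholders.
param(
    [string[]]$ComputerName = @('HOST-A.example', 'HOST-B.example'),
    [string]$BaselinePath = '.\remote-registry-baseline.csv',
    [switch]$Restore
)

# Win32_Service.StartMode reports 'Auto', but ChangeStartMode expects 'Automatic'.
$startModeArg = @{ Auto = 'Automatic'; Manual = 'Manual'; Disabled = 'Disabled' }
$filter = "Name='RemoteRegistry'"   # service name behind the 'Remote Registry' display name

function Get-RemoteRegistryState {
    param([string[]]$Computers)
    foreach ($c in $Computers) {
        try {
            $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter -ComputerName $c -ErrorAction Stop
            [pscustomobject]@{ Computer = $c; StartMode = $svc.StartMode; State = $svc.State }
        } catch {
            Write-Warning "$c : could not query service: $($_.Exception.Message)"
        }
    }
}

function Restore-RemoteRegistryState {
    param([object[]]$Baseline)
    foreach ($row in $Baseline) {
        try {
            $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter -ComputerName $row.Computer -ErrorAction Stop
            # Stop the service only if it was not running when the baseline was taken.
            if ($row.State -ne 'Running' -and $svc.State -eq 'Running') {
                $r = Invoke-CimMethod -InputObject $svc -MethodName StopService
                if ($r.ReturnValue -ne 0) { Write-Warning "$($row.Computer): StopService returned $($r.ReturnValue)" }
            }
            # Put the start mode back only if it differs from the recorded one.
            if ($svc.StartMode -ne $row.StartMode) {
                $r = Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode -Arguments @{ StartMode = $startModeArg[$row.StartMode] }
                if ($r.ReturnValue -ne 0) { Write-Warning "$($row.Computer): ChangeStartMode returned $($r.ReturnValue)" }
            }
        } catch {
            Write-Warning "$($row.Computer) : restore failed: $($_.Exception.Message)"
        }
    }
}

if ($Restore) {
    Restore-RemoteRegistryState -Baseline (Import-Csv -Path $BaselinePath)
    Get-RemoteRegistryState -Computers $ComputerName | Format-Table -AutoSize   # confirm final state
} else {
    Get-RemoteRegistryState -Computers $ComputerName | Export-Csv -Path $BaselinePath -NoTypeInformation
}
```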