Powershell remote-query for Server 2003's eventlog

Question

Is there any way to remotely query the events on 2003 server thru Powershell. Get-eventlog doesn't have a -credential switch and get-winevent doesn't work on Server 2003.

I even tried the impersonation module. It works with commands like get-service, get-process, get-counter but not with get-wmiobject or get-eventlog. Am I missing something.

Answer 1

You are probably looking for this:

Get-WmiObject Win32_NTLogEvent -ComputerName $compName -Credential $cred

gm results of Get-WmiObject for Win32_NTLogEvent (yes, it can take a while to produce):

You can use for filtering (i.e. add -filter "(TimeWritten>'$BeginDate')" to gwmi command), don't forget to assign $BeginDate variable prior to that. See these:

• get-wmiobject to pull logs using Win32_NTLogEvent
• Early Filtering of Win32_NTLogEvent class

Answer 2

Wrap your Get-EventLog command within an Invoke-Command script block.