Work with Event Logs on a Remote Computer
Applies To: Windows Server 2008, Windows Vista
You can use the Event Viewer or the wevtutil command at a command prompt to manage event logs on a remote computer.
To use Event Viewer to manage event logs on a remote computer
Start Event Viewer.
Click the root node, for example Event Viewer (Local), in the console tree.
On the Action menu, click Connect to Another Computer.
In the Another computer box, type the name or IP address of the remote computer.
(Optional) Select Connect as another user, click Set User, enter the User name and Password, end then click OK.
To use wevtutil to manage event logs on a remote computer
To open a Command Prompt window, click Start, in the Start Search box, type cmd, and then press Enter.
Type the following command in the Command Prompt window:
wevtutil <command> /r:<remote_computer_name>
(Optional) To manage event logs on a remote computer as a different user, type the following command in the Command Prompt window:
wevtutil <command> /r:<remote_computer_name> /u:<user_name> /p:<password>
You must enable the Remote Event Log Management exception in the Windows Firewall Settings on the remote computer to which you want to connect.
You can type eventvwr<remote_computer_name>in a Command Prompt window to start Event Viewer and connect to a remote computer.You can also include options that enable Event Viewer to start with a specified Custom View or with a particular log selected. To learn more about the eventvwr command, type eventvwr /? in a Command Prompt window. Although you can use the eventvwr command to start Event Viewer and connect to computers running previous versions of Windows, any options specified will be ignored.
When connected to a remote computer, Custom Views displayed by the Event Viewer are the Custom Views stored on the local computer. If you click one of those local Custom Views, the underlying query will be run against the event logs on the remote computer.
When connected to a remote computer, the external logs displayed by the Event Viewer are the ones that have been referenced on the local computer.
You may encounter errors if, while connected to a remote computer, you attempt to display Custom Views that reference local external logs. This happens because Event Viewer tries to open those external logs on the remote computer rather then the local computer. This problem does not arise if you use UNC path names to reference the external logs.
To view saved events from a remote computer, you need to save the events on the remote computer with display information. For more information about archiving events with display information, see Archive an Event Log.