Extend Security Logs Eventviewer

Information Technology (IT) staff needs access to the Event Viewer logs on Windows Servers and clients for many reasons. Network administrators are interested because they are responsible for monitoring and managing the Windows Servers. Security professionals are interested in the Event Viewer security logs to look for any suspicious activities and security violations.

Help Desk is interested in troubleshooting user login issues and account lockouts. Accessing the Event Viewer logs on a local computer is not a problem, but IT staff often needs access to these logs on the remote computers (servers and workstations). You can use the Event Viewer tool to connect to Event Viewer logs on remote computers.

In this article I will show you how. I will also walk you through the steps for creating a custom console so you can monitor Event Viewer logs on multiple computers from a single console. NOTE: As long as you have the necessary permissions, you can access Event Viewer logs on all remote Windows computers: Windows servers and clients.

Accessing Remote Computer’s Event Viewer

Log in to the local computer as an administrator. Start the Event Viewer.

For example, on a Windows 10 computer, type Event Viewer in the search box. You can also type EventVwr computername at the command prompt, where computername is the name of the remote computer.

You will be connected to the remote computer right away, but you may not have the rights to view the Event Viewer logs if you don’t connect to the remote computer with the proper permissions. For example, if you are logged in to a Windows 10 computer as a standard user and you connect to a Domain Controller (DC), you may get the following error message: "Event Viewer cannot open the event log or custom view. Verify that Event Log service is running or query is too long. Access is denied (5)."

In the Event Viewer console, right-click Event Viewer (computername), where computername is the name of the computer you are connected to. Select Connect to Another Computer. Type the computer name of the other computer, e.g. DC1, and check the box Connect as another user. Now you can provide the credentials for a user that has access to the remote computer, e.g. CONTOSO\Administrator. Click OK twice and you will have access to the Event Viewer logs on the remote computer.

You can view the events, copy the events, save the entire log, or take other actions on the remote computer just as you can locally.

Viewing Remote Logs for Multiple Servers in a Single Console

As I stated earlier, IT staff is often interested in accessing Event Viewer on multiple computers. However, the Event Viewer is designed to view logs on one computer at a time. To view event logs of multiple computers, network administrators can create a custom Microsoft Management Console (MMC).

MMC is a built-in tool available on all Windows computers. In the search box type MMC and press Enter. In the User Account Control window click Yes.

In the new MMC console select File - Add/Remove Snap-in to create a new MMC console. You can now customize the console to add any tools you need. We want to add the Event Viewer for multiple computers so you will look for the Event Viewer in the Available snap-ins section and click Add to add it to the Selected snap-ins section. Repeat the above step to add Event Viewer for all the remote computers you want to monitor. If you configure this MMC console on a Domain Controller, you don’t need to provide the necessary credentials to add DCs or member servers because you will have the required permissions. If you are creating the custom MMC on a workstation then provide the credentials as necessary.

If you add the Event Viewer for the local computer and two Domain Controllers (DC1 and DC2) in Contoso domain, your screen may look something like this. Click OK and then save the MMC from the File menu. Give it an appropriate name, e.g. Custom Event Viewer Console. By default, the MMC will be saved to the Windows Administrative Tools. If you don’t want to save it there, you can save it to your desktop or somewhere else.

NOTE: Unlike a built-in MMC, which doesn’t allow you to save customized settings, a custom MMC that you create will remember your personalized settings.
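A scripted counterpart to the multi-computer console, as an added example that is not part of the original article: it reads recent failed-logon (4625) and account-lockout (4740) events from the Security log of the local computer, DC1 and DC2, and reports the same access-denied condition shown earlier. The computer list, the 24-hour window and the 200-event limit are assumptions; run it from an elevated PowerShell session so the local Security log is readable.

```powershell
# Added example. Computer names follow the article's DC1/DC2 scenario;
# the time window and event limit are assumed values.
$Computers  = @($env:COMPUTERNAME, 'DC1', 'DC2')
$Credential = Get-Credential -Message 'Account that can read the remote Security logs'

# 4625 = failed logon, 4740 = user account locked out
$Filter = @{
    LogName   = 'Security'
    Id        = 4625, 4740
    StartTime = (Get-Date).AddHours(-24)
}

$Results = foreach ($Computer in $Computers) {
    $Params = @{ FilterHashtable = $Filter; MaxEvents = 200; ErrorAction = 'Stop' }
    if ($Computer -ne $env:COMPUTERNAME) {
        # Alternate credentials apply only to remote connections.
        $Params.ComputerName = $Computer
        $Params.Credential   = $Credential
    }
    try {
        Get-WinEvent @Params |
            Select-Object @{ n = 'Computer'; e = { $Computer } }, TimeCreated, Id,
                          @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
    }
    catch {
        if ($_.Exception -is [System.UnauthorizedAccessException]) {
            # Same condition as the "Access is denied (5)" dialog in Event Viewer.
            Write-Warning "${Computer}: access denied reading the Security log"
        }
        elseif ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            # Get-WinEvent raises an error when the filter matches nothing.
            Write-Verbose "${Computer}: no matching events in the window"
        }
        else {
            Write-Warning "${Computer}: $($_.Exception.Message)"
        }
    }
}

# One merged, time-ordered view across all computers.
$Results | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```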

Just remember to save the MMC if you add new snap-ins to the console or customize the settings.

Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit for information on my professional background.

Copyright © 2018.

All rights reserved.