This article includes a PowerShell Export-Eventlog command to quickly export Windows event logs from a remote computer and copy them to the local machine.
Event logs are a cornerstone of troubleshooting, but getting access to them can be difficult across a network.
It can be faster to export a Windows event log on a remote computer, copy the .evtx file over the network and then query it locally.
The PowerShell Get-WinEvent command can query event logs on a remote computer, but it can be painfully slow over the network. Copying an entire exported log (.evtx file) across the same connection is much faster. Get-WinEvent can still be used with the -Path parameter to query the locally copied .evtx file.
PowerShell Script
wevtutil.exe is a Windows executable that can export event logs. The PowerShell function below uses wevtutil to export one or more event logs and copy them locally. The computer name is prepended to the exported log name.
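One way to implement the export-then-copy approach described above, added here as an example and not the article's original function. The function name `Export-RemoteEventLog`, the `C:\Windows\Temp` staging folder, access through the remote administrative share, and the host name `SRV01` are assumptions.

```powershell
# Added example; Export-RemoteEventLog is a hypothetical name, not the article's function.
function Export-RemoteEventLog {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [string[]]$LogName = @('System', 'Application'),
        [string]$Destination = (Join-Path $env:TEMP 'EventLogs'),
        # Assumption: staging folder on the remote machine, reachable through its admin share
        [string]$RemoteFolder = 'C:\Windows\Temp'
    )

    New-Item -ItemType Directory -Path $Destination -Force | Out-Null

    foreach ($log in $LogName) {
        # Channel names such as "Microsoft-Windows-PowerShell/Operational" contain '/',
        # which is not valid in a file name. The computer name is prepended.
        $fileName   = '{0}_{1}.evtx' -f $ComputerName, ($log -replace '[\\/]', '-')
        $remoteFile = "$RemoteFolder\$fileName"
        # C:\Windows\Temp\x.evtx -> \\HOST\C$\Windows\Temp\x.evtx
        $uncFile    = '\\{0}\{1}' -f $ComputerName, ($remoteFile -replace '^([A-Za-z]):', '$1$$')

        # With /r the export runs on the remote computer, so the target path is remote too.
        & wevtutil.exe epl $log $remoteFile "/r:$ComputerName" /ow:true
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Export of '$log' from $ComputerName failed (exit code $LASTEXITCODE)"
            continue
        }

        $localFile = Join-Path $Destination $fileName
        try {
            Copy-Item -LiteralPath $uncFile -Destination $localFile -Force -ErrorAction Stop
            Get-Item -LiteralPath $localFile
        }
        catch {
            Write-Warning "Copy of $uncFile failed: $_"
        }
        finally {
            # Exported logs (Security in particular) should not linger in the remote temp folder.
            Remove-Item -LiteralPath $uncFile -Force -ErrorAction SilentlyContinue
        }
    }
}

# Constructed usage: 'SRV01' is a placeholder host name.
$files = Export-RemoteEventLog -ComputerName 'SRV01' -LogName 'System', 'Security'
# Query the local copies; Level 2 = Error.
Get-WinEvent -FilterHashtable @{ Path = $files.FullName; Level = 2 } -MaxEvents 20
```

The caller needs administrative rights on the remote computer, both for wevtutil to export the log and to read the staged file through the administrative share.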
This article was originally posted on Write-Verbose.com