Question: How to download Windows Event log to a Linux server without Windows Agent?
I have a central Linux syslog server, and would like to centrally review all the log files for all servers.

I would like to remotely download the event log file without modifying the Windows configuration. I heard that WMI would help me but don’t understand how.

I only have a User name and a Password for the Windows Active Directory Domain.

I can modify the server configuration but in a very limited way, installing an Agent is out of the question.

Thank you,
The action to download the files needs to be automatic; can’t install FTP or other tools.

I heard WMI scripting would allow me to do something like that but I am not familiar with it.

Best answer:

Answer by Tim J
The .evt logfiles are stored in the Windows directory. If you have rights to log in to the box you can browse out C$ windows… to the files and download them.

It’s not a good solution though, syslog has an agent for Windows, and if you’re authorized to view the logs you should get it put on all servers. That way it’s more secure and much more reliable.
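
Once a .evt file has been copied to the Linux side as the answer describes, it still has to be turned into syslog lines. The following is an added example, not part of the original answer: a Python reader for the legacy .evt record layout (Microsoft's documented EVENTLOGRECORD structure) that emits RFC 5424 lines. The severity mapping, function names and the sample image are assumptions constructed for illustration; the newer .evtx format is a different format and is not handled.

```python
import struct
from datetime import datetime, timezone
HDR = struct.Struct("<I4sIIIIHHHHIIIIII")   # fixed 56 bytes of EVENTLOGRECORD
SEVERITY = {1: 3, 2: 4, 4: 6, 8: 6, 16: 4}  # EventType -> syslog severity (assumed mapping)

def _wstr(buf, pos):
    # Read a NUL-terminated UTF-16LE string; return (text, next offset).
    end = pos
    while end + 1 < len(buf) and buf[end:end + 2] != b"\0\0":
        end += 2
    return buf[pos:end].decode("utf-16-le", "replace"), end + 2

def parse_evt(data):
    # Scan on DWORD boundaries; keep records whose signature and both length fields agree.
    out, pos = [], 0
    while pos + HDR.size <= len(data):
        f = HDR.unpack_from(data, pos)
        end = pos + f[0]
        if (f[1] != b"LfLe" or f[0] < HDR.size + 4 or end > len(data)
                or data[end - 4:end] != data[pos:pos + 4]):
            pos += 4                         # file header, padding or a truncated record
            continue
        rec = data[pos:end]
        source, nxt = _wstr(rec, HDR.size)
        host, _ = _wstr(rec, nxt)
        strings, p = [], f[11]               # StringOffset
        for _ in range(f[7]):                # NumStrings
            s, p = _wstr(rec, p)
            strings.append(s)
        out.append({"record": f[2], "time": f[3], "event_id": f[5] & 0xFFFF,
                    "type": f[6], "source": source, "host": host, "strings": strings})
        pos = end
    return out

def to_syslog(r):  # one RFC 5424 line, facility 1 (user-level)
    ts = datetime.fromtimestamp(r["time"], timezone.utc).isoformat()
    app = r["source"].replace(" ", "_") or "-"
    return (f"<{8 + SEVERITY.get(r['type'], 5)}>1 {ts} {r['host'] or '-'} {app} - "
            f"{r['event_id']} - record={r['record']} " + " | ".join(r["strings"]))

def sample_evt():
    # Constructed image: 48-byte file header followed by one record.
    names = ("Service Control Manager", "SRV01", "Print Spooler", "stopped")
    body = "".join(s + "\0" for s in names).encode("utf-16-le")
    n = HDR.size + len(body) + 4             # already DWORD-aligned (164)
    off = HDR.size + 2 * (len(names[0]) + len(names[1]) + 2)
    rec = HDR.pack(n, b"LfLe", 1, 1234567890, 1234567890, 0x40001B7C, 4, 2,
                   0, 0, 0, off, 0, 0, 0, n - 4) + body + struct.pack("<I", n)
    return struct.pack("<I4s10I", 48, b"LfLe", 1, 1, 48, 48 + n, 2, 1, 65536, 0, 0, 48) + rec
```

Only the insertion strings are emitted; the full message text comes from message DLLs on the Windows host. A record cut off mid-copy fails the length check and is skipped rather than parsed.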