Access event viewer on a non-domain joined computer

Hello - is there a way to utilize BigFix in some manner to access the event viewer on a computer not joined to the domain? The computers in question have the BigFix agent installed, and can communicate with the BigFix server on our domain.

1 Like

If you know specifically what events you are looking for you can use the event inspector: https://support.bigfix.com/inspectors/System%20Objects_Any.html#event%20log

1 Like

Thanks - I am not entirely clear on which events I’m after; this was more for general troubleshooting on a remote machine without disrupting them and taking control of it (being able to browse system/app logs specifically).

You definitely won’t want to pull the entire event log with BigFix. You should be able to use the event viewer to remotely connect to the machine and use a local account on the system for authentication.

If you know roughly what you’re looking for (warnings/errors in the application event log), you can start with that.

Thanks - I was thinking that was the case, but was hopeful that there was a tool/process I wasn’t aware of. It’s an odd scenario where most things are blocked but the agent and console have open communication; I was trying to avoid poking any new holes open.

If you know what you are looking for, then you can write relevance to detect it with BigFix.

The idea would be to find a computer with an issue and examine its logs to narrow down the issue and figure out how to write relevance to look for it specifically. Then once you have that, you can put it into an analysis and get back the data for all computers to see if they have the same problem.

One issue is you have to be very careful with the log inspector; it can be very slow in some cases, particularly as the event logs get very large. You should have any properties dealing with event logs report once every 6 hours or less often. It is also a good idea to limit the search to the last 30 or 60 days of events in the log.

It should be possible to export the event logs from a particular computer and upload them to the root server using BigFix. Then get them, put them on another machine, and then dig through them to find what you are looking for.

1 Like
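
An added example, not part of the original thread: one way to do the local export step from the last reply, limited to warnings and errors from the last 30 days so the files stay small. It assumes the script is run on the endpoint (for instance from a BigFix action); the staging folder, log list and time window are illustrative choices, and the BigFix upload step itself is not shown.

```powershell
# Export recent warning/error events to .evtx files for offline review.
# Assumptions (not from the thread): staging folder, log list, 30-day window.
$days   = 30
$logs   = 'Application', 'System'
$outDir = Join-Path $env:TEMP 'evtx-export'      # hypothetical staging folder

# wevtutil's timediff() works in milliseconds.
$ms = [int64]$days * 24 * 60 * 60 * 1000

# Level 1 = Critical, 2 = Error, 3 = Warning.
$query = "*[System[(Level=1 or Level=2 or Level=3) and " +
         "TimeCreated[timediff(@SystemTime) <= $ms]]]"

New-Item -ItemType Directory -Path $outDir -Force | Out-Null

foreach ($log in $logs) {
    $file = Join-Path $outDir "$env:COMPUTERNAME-$log.evtx"

    # epl = export-log; /q applies the XPath filter, /ow overwrites an old export.
    wevtutil.exe epl $log $file "/q:$query" /ow:true

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of '$log' failed with exit code $LASTEXITCODE"
    }
}

# Bundle the exports into a single archive that can be collected in one transfer.
$zip = Join-Path $outDir "$env:COMPUTERNAME-events.zip"
Compress-Archive -Path (Join-Path $outDir '*.evtx') -DestinationPath $zip -Force
```

The resulting .evtx files open in Event Viewer on another machine through "Open Saved Log", so the endpoint needs no new inbound access.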