Scan Profile to look for event log errors on workstations
Good morning. Is it possible to create a scan profile to be used to review workstations for specific event log errors or warnings?
What I'm trying to accomplish is a way to review domain workstations for group policy processing errors. I have used the Get-Event remote command to review and generate csv files with data for specific events previously, but what I'm hoping to do is to create a scan profile that would add computers to a dynamic collection if found to have specific event log entries.
Thanks for your thoughts.
Comments
Thank you for your suggestion. We have an existing internal feature request ticket for this. I have no ETA on when it could be implemented.
Thank you for your reply. I will wait and hope added to a future release.
In the meantime I highly recommend Graylog. It's fairly easy to set up and very powerful.
Thank you. I will take a look at it.
Good news! This is now possible with Inventory 15 Beta 1's WMI Scanner.
https://support.pdq.com/hc/en-us/articles/115003468752-Inventory-WMI-Scanner-Usage-Examples#evtx
https://documentation.pdq.com/PDQInventory/15.0.1.0/wmi-scanner.htm
Thank you Colby! I will begin testing this as soon as the new version is available.