有没有办法在局域网中search特定事件的所有事件日志？

您可以使用诸如Eventlog到Syslog服务实用程序的工具或像EventLog Inspector这样的软件将Windows事件日志事件广播到系统日志服务器 。

您可以使用System.Diagnostics.EventLog在PowerShell中search远程计算机上的事件日志。 假设你正在寻找的事件是在系统日志中…

 # get a list of all server names, maybe from AD, we'll assume it's in a variable called $serverlist $eventIdToFind = "1234" # or whatever ID you're looking for $logToSearch = "System" foreach ($aServer in $serverlist) { $theLog = New-Object System.Diagnostics.EventLog($logToSearch, $aServer) $matchingEventList = $theLog.Entries | where { $_.EventId -eq $eventToFind } if ($null -ne $machingEventList -and $matchingEventList.Count -gt 0) { "Event Found on $aServer" # or do something else with it here } }