To successfully collect event logs from remote Windows host(s), you have to enable the following inbound firewall rules on the remote Windows host(s):
Windows Management Instrumentation (Async-In)
Windows Management Instrumentation (WMI-In)
Windows Management Instrumentation (DCOM-In)
Also, enable Remote Enable in WMI's Properties on the remote Windows host(s):
1. Open Computer Management and expand Services and Applications.
2. Right-click WMI Control and click Properties.
3. Click the Security tab then click the Security button.
4. Under Group or user names, select/highlight Authenticated Users.
5. Under Permissions, check the box for Remote Enable.
6. Click OK on this dialogue box and the Properties dialogue box to finish.
You should now be able to remotely collect event logs on this Windows computer with WMI. These settings have been verified on Win XP/7/8/and 10 and should be no different for any/future Win OS versions and should be doable via Group Policy for an entire network of computers.
Hello
If you had access to that hosts, and you can install an agent on them, then the best way is to use the Splunk Universal Forwarder and configure it to monitor the logs you want to index. Please reffer to:
http://docs.splunk.com/Documentation/Splunk/6.0/Forwarding/Aboutforwardingandreceivingdata
Regards