The code I'm running on my SQL Central Management server is:
$logs = 0..6 | % { (get-item SQLSERVER:\sql\<servername>\default).ReadErrorLog($_) }
Originally, I got this to work by adding the service account that ran the PowerShell code to the local Administrators Windows group _AND_ creating a SQL login with sysadmin privileges on the remote SQL server host. Not sursprisingly, my security officer had an issue with this. My initial attempts to reduce access resulted i the following error:
WARNING: Could not obtain SQL Server Service information. An attempt to connect
to WMI on 'NEX-SRV1' failed with the following error: SQL Server WMI provider
is not available on NEX-SRV1. --> Invalid namespace
After quite a bit of fooling around, I have what I think is the minimum security needed to read the SQL error logs. Perform the following grants on the remote server running the SQL Server database:
Local Windows Group
- Add the service account to the "Distributed COM Users" group
WMIMgmt.msc
Add the service account to each of the following branches with all security options EXCEPT "Edit Security"
- Root > cimv2
- Root > cimv2 > ms_409
- Root > Microsoft > SQLServer > ComputerManagement
SQL Server
- Create a SQL login for the service account and add it to the "Security Admin" role.
After I had made these changes, I have the ability to monitor SQL Error logs from a central location without having to grant crazy levels of access to the service account.