Posted by Webmaster
Tip: Query and Manage Event Logs with the Windows Events Command Line Utility


The Windows Events Command Line Utility (Wevtutil.exe) lets you retrieve information about event logs and publishers; install and uninstall event manifests; run queries; and export, archive, and clear logs from an elevated command prompt. (The usage for this command is described later in this sidebar.) Note that you can use either the short (ep /uni) or long (enum-publishers /unicode) version of the command and option names, and all commands, options, and option values are case insensitive.


The general syntax for Wevtutil.exe is as follows:
wevtutil command [argument [argument] ...] [/option:value [/option:value] ...]


Here command can be any of the following:
al (archive-log) Archives an exported log.
cl (clear-log) Clears a log.
el (enum-logs) Lists log names.
ep (enum-publishers) Lists event publishers.
epl (export-log) Exports a log.
gl (get-log) Gets log configuration information.
gli (get-log-info) Gets log status information.
gp (get-publisher) Gets publisher configuration information.
im (install-manifest) Installs event publishers and logs from manifest.
qe (query-events) Queries events from a log or log file.
sl (set-log) Modifies configuration of a log.
um (uninstall-manifest) Uninstalls event publishers and logs from manifest.


Common options are as follows:
/r:value (remote) If specified, runs the command on a remote computer named value. Note that im (install-manifest) and um (uninstall-manifest) do not support remote operation.
/u:value (username) Specifies a different user to log on to the remote computer. Here value is a user name in the form domain\user or user. This option is only applicable when the /r (remote) option is specified.
/p:value (password) Specifies a password for the specified user. If not specified or value is "*", the user will be prompted to enter a password. This option is only applicable when the /u (username) option is specified.
/a:value (authentication) Specifies an authentication type for connecting to a remote computer. Value can be Default, Negotiate, Kerberos, or NTLM. The default is Negotiate.
/uni:value (unicode) Displays output in Unicode. Value can be true or false (if true, output is in Unicode).


To learn more about a specific command, type wevtutil command /? at an elevated command prompt.
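
The commands listed above, combined into one evidence-preservation routine for a single log. This is an added example, not part of the original post. The output folder, the en-US locale and the choice of event ID 1102 are assumptions, and the per-command options (/l, /lf, /q, /rd, /c, /f) come from the wevtutil al /? and wevtutil qe /? help text rather than from the list above.

```powershell
# Added example: preserve and triage one event log with wevtutil.
# Assumptions: elevated PowerShell session; $OutDir is a hypothetical evidence folder.
param(
    [string]$LogName = 'Security',
    [string]$OutDir  = 'C:\IR\evtx'
)
$ErrorActionPreference = 'Stop'

function Invoke-Wevtutil {
    # Run wevtutil.exe with the given arguments and fail loudly on a non-zero exit code.
    $output = & wevtutil.exe @args
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil $($args -join ' ') exited with code $LASTEXITCODE"
    }
    $output
}

New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
# Channel names such as "Microsoft-Windows-.../Operational" contain a slash; keep file names valid.
$base  = Join-Path $OutDir (($LogName -replace '[\\/]', '_') + "-$stamp")
$evtx  = "$base.evtx"

# 1. Record the log's configuration (gl) and current status (gli) next to the export.
Invoke-Wevtutil gl  $LogName | Set-Content "$base-config.txt"
Invoke-Wevtutil gli $LogName | Set-Content "$base-status.txt"

# 2. Export the live log (epl), then archive it (al) so message text travels with the file.
Invoke-Wevtutil epl $LogName $evtx | Out-Null
Invoke-Wevtutil al  $evtx '/l:en-US' | Out-Null

# 3. Hash the export so later copies can be checked against this one.
$hash = Get-FileHash -Algorithm SHA256 -Path $evtx
"$($hash.Hash)  $evtx" | Set-Content "$evtx.sha256"

# 4. Query the exported file (qe with /lf:true), newest first, for event ID 1102
#    ("The audit log was cleared"), which the Security log records when it is cleared.
$cleared = Invoke-Wevtutil qe $evtx '/lf:true' '/q:*[System[(EventID=1102)]]' '/rd:true' '/c:5' '/f:text'

if ($cleared) {
    Write-Warning "Log-clear events found in $LogName (showing up to 5):"
    $cleared
} else {
    "No event ID 1102 found in $evtx"
}
```

Event ID 1102 applies to the Security log only, so step 4 is meaningful with the default $LogName; for other logs, change the /q filter to the event of interest.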


 