wevtutil command: syntax, switches, options and examples


Use of Wevtutil command:

Enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs. For examples of how to use this command, see Examples.

Wevtutil command Syntax:

wevtutil [{el | enum-logs}] [{gl | get-log} [/f:]]

[{sl | set-log} [/e:] [/i:] [/lfn:] [/rt:] [/ab:] [/ms:] [/l:] [/k:] [/ca:] [/c:]] 

[{ep | enum-publishers}] 

[{gp | get-publisher} [/ge:] [/gm:] [/f:]] [{im | install-manifest} ] 

[{um | uninstall-manifest} ] [{qe | query-events} [/lf:] [/sq:] [/q:] [/bm:] [/sbm:] [/rd:] [/f:] [/l:] [/c:] [/e:]] 

[{gli | get-loginfo} [/lf:]] 

[{epl | export-log} [/lf:] [/sq:] [/q:] [/ow:]] 

[{al | archive-log} [/l:]] 

[{cl | clear-log} [/bu:]] [/r:] [/u:] [/p:] [/a:] [/uni:]

Wevtutil command switches:

{el | enum-logs}: Displays the names of all logs.

{gl | get-log} [/f:]: Displays configuration information for the specified log, which includes whether the log is enabled or not, the current maximum size limit of the log, and the path to the file where the log is stored.

{sl | set-log} [/e:] [/i:] [/lfn:] [/rt:] [/ab:] [/ms:] [/l:] [/k:] [/ca:] [/c:]: Modifies the configuration of the specified log.

{ep | enum-publishers}: Displays the event publishers on the local computer.

{gp | get-publisher} [/ge:] [/gm:] [/f:]: Displays the configuration information for the specified event publisher.

{im | install-manifest}: Installs event publishers and logs from a manifest. For more information about event manifests and using this parameter, see the Windows Event Log SDK at the Microsoft Developers Network (MSDN) Web site (http://msdn.microsoft.com).

{um | uninstall-manifest}: Uninstalls all publishers and logs from a manifest. For more information about event manifests and using this parameter, see the Windows Event Log SDK at the Microsoft Developers Network (MSDN) Web site (http://msdn.microsoft.com).

{qe | query-events} [/lf:] [/sq:] [/q:] [/bm:] [/sbm:] [/rd:] [/f:] [/l:] [/c:] [/e:]: Reads events from an event log, from a log file, or using a structured query. By default, you provide a log name for . However, if you use the /lf option, then must be a path to a log file. If you use the /sq parameter, must be a path to a file that contains a structured query.

{gli | get-loginfo} [/lf:]: Displays status information about an event log or log file. If the /lf option is used, is a path to a log file. You can run wevtutil el to obtain a list of log names.

{epl | export-log} [/lf:] [/sq:] [/q:] [/ow:]: Exports events from an event log, from a log file, or using a structured query to the specified file. By default, you provide a log name for . However, if you use the /lf option, then must be a path to a log file. If you use the /sq option, must be a path to a file that contains a structured query. is a path to the file where the exported events will be stored.

{al | archive-log} [/l:]: Archives the specified log file in a self-contained format. A subdirectory with the name of the locale is created and all locale-specific information is saved in that subdirectory. After the directory and log file are created by running wevtutil al, events in the file can be read whether the publisher is installed or not.

{cl | clear-log} [/bu:]: Clears events from the specified event log. The /bu option can be used to back up the cleared events.

Wevtutil command example:

wevtutil el
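
The following PowerShell script is an added example, not from the original page. It uses the gl, epl, gli and qe switches described above to export logs for triage and then lists recent Security log clear events (Event ID 1102, "The audit log was cleared"). The log selection and the output folder are assumptions.

```powershell
# Added example, not from the original page.
# Run from an elevated prompt: reading the Security log needs administrator rights.
$logs   = 'Security', 'System', 'Application'   # assumed selection of logs
$outDir = Join-Path $env:TEMP 'evtx-export'     # hypothetical destination folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

foreach ($log in $logs) {
    $file = Join-Path $outDir "$log.evtx"

    # gl: record whether the log is enabled, its size limit and its file path.
    wevtutil gl $log /f:xml | Out-File (Join-Path $outDir "$log-config.xml")

    # epl: export the live log to a file; /ow:true overwrites an earlier export.
    wevtutil epl $log $file /ow:true
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of $log failed with exit code $LASTEXITCODE"
        continue
    }

    # gli with /lf:true treats the argument as a path to a log file, so this
    # reports status information for the exported copy rather than the live log.
    wevtutil gli $file /lf:true

    # Hash the export so later copies can be compared against this one.
    Get-FileHash -Algorithm SHA256 -Path $file | Format-List Path, Hash
}

# qe: the five most recent Security events with Event ID 1102.
# /rd:true reads newest first, /c:5 limits the count, /f:text renders plain text.
wevtutil qe Security "/q:*[System[(EventID=1102)]]" /c:5 /rd:true /f:text
```

An empty result from the final query means no clear events are present in the current Security log.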
