
Windows: Export EventLog from command line

07 Sep

(Copy pasted from: michlstechblog.info)

Windows has a built-in command-line utility for working with event logs: wevtutil

Some examples.

List all registered Eventlogs
D:> wevtutil el


Export the System EventLog to a file
D:> wevtutil epl System c:\%Computername%_System_log.evtx

Export the Application EventLog to a file
D:> wevtutil epl Application c:\%Computername%_Application_log.evtx

Or the Remote Desktop EventLog to a file
D:> wevtutil epl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational c:\%Computername%_rdp_log.evtx


Query the Application EventLog for events with ID 1704 and print at most 100 of them as text (events are read oldest first by default; add /rd:true to read the newest events first)
D:> wevtutil qe Application /q:"Event/System/EventID=1704" /c:100 /f:text

(%Computername% is replaced by the name of your computer in the exported file's name)
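
The export commands above, combined into one collection script that also records a SHA-256 hash of every exported file so the copies can be verified later. This is an added example, not part of the original post; the channel list, the output folder under %TEMP% and the manifest.csv name are assumptions.

```powershell
# Added example: export several event logs with wevtutil and hash each export.
# Assumptions: the channel list and output location are illustrative only.
$channels = @(
    'System',
    'Application',
    'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational'
)

# One timestamped folder per collection run, e.g. evtx_HOST_20210907_101500
$stamp  = Get-Date -Format 'yyyyMMdd_HHmmss'
$outDir = Join-Path $env:TEMP ('evtx_{0}_{1}' -f $env:COMPUTERNAME, $stamp)
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$manifest = foreach ($channel in $channels) {
    # Channel names can contain '/', which is not valid in a file name.
    $safeName = $channel -replace '[\\/:*?"<>|]', '_'
    $file = Join-Path $outDir ('{0}_{1}.evtx' -f $env:COMPUTERNAME, $safeName)

    # epl = export-log; /ow:true overwrites an existing file of the same name.
    & wevtutil.exe epl $channel $file /ow:true
    if ($LASTEXITCODE -ne 0) {
        # Typical causes: channel not present on this host, or no elevation.
        Write-Warning "Export of '$channel' failed (exit code $LASTEXITCODE)"
        continue
    }

    # Record size and hash so the export can be checked after it is moved.
    $hash = Get-FileHash -Path $file -Algorithm SHA256
    [pscustomobject]@{
        Channel = $channel
        File    = $file
        Bytes   = (Get-Item -Path $file).Length
        SHA256  = $hash.Hash
    }
}

$manifest | Export-Csv -Path (Join-Path $outDir 'manifest.csv') -NoTypeInformation
$manifest | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt if you add the Security log to the list; re-running Get-FileHash on a copied file and comparing against manifest.csv shows whether the export changed in transit.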


Posted by on September 7, 2021 in Windows
