wevtutil

Eventing Command Line Utility


  • C:\Windows\system32\wevtutil.exe /?

Output:

Windows Events Command Line Utility.

Enables you to retrieve information about event logs and publishers, install
and uninstall event manifests, run queries, and export, archive, and clear logs.

Usage:

You can use either the short (for example, ep /uni) or long (for example,
enum-publishers /unicode) version of the command and option names. Commands,
options and option values are not case-sensitive.

Variables are noted in all upper-case.

wevtutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...]

Commands:

el | enum-logs          List log names.
gl | get-log            Get log configuration information.
sl | set-log            Modify configuration of a log.
ep | enum-publishers    List event publishers.
gp | get-publisher      Get publisher configuration information.
im | install-manifest   Install event publishers and logs from manifest.
um | uninstall-manifest Uninstall event publishers and logs from manifest.
qe | query-events       Query events from a log or log file.
gli | get-log-info      Get log status information.
epl | export-log        Export a log.
al | archive-log        Archive an exported log.
cl | clear-log          Clear a log.

Common options:

/{r | remote}:VALUE
If specified, run the command on a remote computer. VALUE is the remote computer
name. Options /im and /um do not support remote operations.

/{u | username}:VALUE
Specify a different user to log on to the remote computer. VALUE is a user name
in the form domain\user or user. Only applicable when option /r is specified.

/{p | password}:VALUE
Password for the specified user. If not specified, or if VALUE is "*", the user
will be prompted to enter a password. Only applicable when the /u option is
specified.

/{a | authentication}:[Default|Negotiate|Kerberos|NTLM]
Authentication type for connecting to remote computer. The default is Negotiate.

/{uni | unicode}:[true|false]
Display output in Unicode. If true, then output is in Unicode.

To learn more about a specific command, type the following:

wevtutil COMMAND /?

Return Code: 0


C:\Windows\system32\wevtutil.exe
c:\>ver
Microsoft Windows [Version 10.0.19045.2075]
FileInfo

File Size: 278016 bytes
Creation Time: 2022/07/08 08:47:49
LastWrite Time: 2022/07/08 08:47:49
ProductVersion: 10.0.19041.1
FileVersion: 10.0.19041.1 (WinBuild.160101.0800)

HashValue

MD5: 1aae26bd68b911d0420626a27070eb8d
SHA1: bfc08ec6a97e4d65d2be2ac8131550e67c6c817e
SHA224: 7b5e504d58a02b598d046b58efff44c3487f1d0147649ad9776bc944
SHA256: 1256a1e89815aa5ade26a8fddddeebf056eb3d3a81ebfe0dd73636cc677a3d38
SHA384: 85762333bb7e1bbed4230b381ee7fbd0f5ffe8776bc31c2ecdd0abd8d5a1b00b2a282e2fca3c5a5a9ed55005e1ef8cd0
SHA512: c67a823d02554ae122e55edca9a8002862c30cc4758d13674a543330b8807c9ec0d199aebb7c5cbd1fc47f1a66f58d2122ddbc2ffec579dc79ba24814c777a0b