Title: Windows EventLog command-line tool

Author: linda    Time: 2019-9-19 18:18     Title: Windows EventLog command-line tool

Windows has a built-in command-line utility for working with event logs: wevtutil

Some examples.

List all registered event logs

D:\> wevtutil el

Export the System event log to a file

D:\> wevtutil epl System %temp%\%Computername%_System_log.evtx

Or export the Remote Desktop event log to a file

D:\> wevtutil epl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational %temp%\%Computername%_rdp_log.evtx

Search the last 100 entries in the Application event log for an event with ID 1704, output as text

D:\> wevtutil qe Application /q:"Event/System/EventID=1704" /c:100 /f:text

Original article: https://michlstechblog.info/blog/windows-export-eventlog-from-command-line/#more-6503
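
The export commands above, combined into a triage collection script. This is an added example, not part of the original post or the linked article. It exports several logs with `wevtutil epl`, limits each export to a recent time window, and records a SHA-256 hash per file so the copies can be verified later. The log list, the 24-hour window, the output folder and all variable names are assumptions chosen for illustration.

```powershell
# Added example: time-bounded export of selected logs plus a hash manifest.
# $Logs, $Hours and $OutDir are illustrative assumptions, not from the post.
$Logs   = @('System',
            'Application',
            'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational')
$Hours  = 24
$Stamp  = "evtx_{0}_{1:yyyyMMdd_HHmmss}" -f $env:COMPUTERNAME, (Get-Date)
$OutDir = Join-Path $env:TEMP $Stamp
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# XPath filter: events created within the last $Hours hours.
# timediff() returns milliseconds between now and the event's SystemTime.
$Ms    = $Hours * 3600 * 1000
$Query = "*[System[TimeCreated[timediff(@SystemTime) <= $Ms]]]"

$Manifest = foreach ($Log in $Logs) {
    # Channel names can contain '/', which is not valid in a file name.
    $Safe = $Log -replace '[\\/ ]', '_'
    $File = Join-Path $OutDir "$($env:COMPUTERNAME)_$Safe.evtx"

    # /q applies the filter to the export, /ow:true overwrites an existing file.
    & wevtutil.exe epl $Log $File "/q:$Query" /ow:true
    if ($LASTEXITCODE -ne 0) {
        # Typical causes: unknown channel name or insufficient privileges.
        Write-Warning "Export of '$Log' failed (exit code $LASTEXITCODE)"
        continue
    }

    # Hash the exported file so later copies can be checked against it.
    $Hash = Get-FileHash -Path $File -Algorithm SHA256
    [pscustomobject]@{
        Log    = $Log
        File   = $File
        Bytes  = (Get-Item $File).Length
        SHA256 = $Hash.Hash
    }
}

$Manifest | Export-Csv -Path (Join-Path $OutDir 'manifest.csv') -NoTypeInformation
$Manifest | Format-Table -AutoSize
```

Run it from an elevated PowerShell session if the list is extended to logs that require administrator rights to read.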