| Parameter |
Description |
| {el | enum-logs} |
It Displays the names of all logs. |
| {gl | get-log} <Logname> [/f:<Format>] |
It Displays configuration information for the specified log, which includes whether the log is enabled or not, the current maximum size limit of the log, and the path to the file where the log is stored. |
| {sl | set-log} <Logname> [/e:<Enabled>] [/i:<Isolation>] [/lfn:<Logpath>] [/rt:<Retention>] [/ab:<Auto>] [/ms:<Size>] [/l:<Level>] [/k:<Keywords>] [/ca:<Channel>] [/c:<Config>] |
It Modifies the configuration of the specified log. |
| {ep | enum-publishers} |
It Displays the event publishers on the local computer. |
| {gp | get-publisher} <Publishername> [/ge:<Metadata>] [/gm:<Message>] [/f:<Format>]] |
It Displays the configuration information for the specified event publisher. |
| {im | install-manifest} <Manifest> |
In this Installs event publishers and logs from a manifest. For more information about event manifests and using this parameter, see the Windows Event Log SDK at the Microsoft Developers Network (MSDN) Web site (http://msdn.microsoft.com). |
| {um | uninstall-manifest} <Manifest> |
It Uninstalls all publishers and logs from a manifest. For more information about event manifests and using this parameter, see the Windows Event Log SDK at the Microsoft Developers Network (MSDN) Web site (http://msdn.microsoft.com). |
| {qe | query-events} <Path> [/lf:<Logfile>] [/sq:<Structquery>] [/q:<Query>] [/bm:<Bookmark>] [/sbm:<Savebm>] [/rd:<Direction>] [/f:<Format>] [/l:<Locale>] [/c:<Count>] [/e:<Element>] |
In this Reads events from an event log, from a log file, or using a structured query. By default, you provide a log name for <Path>. However, if you use the /lf option, then <Path> must be a path to a log file. If you use the /sq parameter, <Path> must be a path to a file that contains a structured query. |
| {gli | get-loginfo} <Logname> [/lf:<Logfile>] |
It Displays status information about an event log or log file. If the /lf option is used, <Logname> is a path to a log file. You can run wevtutil el to obtain a list of log names. |
| {epl | export-log} <Path> <Exportfile> [/lf:<Logfile>] [/sq:<Structquery>] [/q:<Query>] [/ow:<Overwrite>] |
In it Exports events from an event log, from a log file, or using a structured query to the specified file. By default, you provide a log name for <Path>. However, if you use the /lf option, then <Path> must be a path to a log file. If you use the /sq option, <Path> must be a path to a file that contains a structured query. <Exportfile> is a path to the file where the exported events will be stored. |
| {al | archive-log} <Logpath> [/l:<Locale>] |
it Archives the specified log file in a self-contained format. A subdirectory with the name of the locale is created and all locale-specific information is saved in that subdirectory. After the directory and log file are created by running wevtutil al, events in the file can be read whether the publisher is installed or not. |
| {cl | clear-log} <Logname> [/bu:<Backup>] |
In this Clears events from the specified event log. The /bu option can be used to back up the cleared events. |