date: “2016-12-13” draft: false title: “wevtutil” tag: [“cli”, “commands”, “logs”] category: “windows”
- TechNet Manual, ss64 Manual
- Available In: Vista+
Alternatives
- SysInt: none known
- WMIC: none known
- PS: none known
Enables you to retrieve information about event logs and publishers. You can also use this command to install and uninstall event manifests, to run queries, and to export, archive, and clear logs.
Usage
Examples
| command | description |
|---|---|
wevtutil el |
“enum-logs” List the names of all logs |
wevtutil qe System /rd:true /c:5 /f:text |
“query-events” from the System log, display 5 as text in reverse order |