Run the command eventvwr
from the Run window or the command prompt to open the event viewer console. We can use eventquery.vbs
it to retrieve log data from the command line. You can find this file in the C:/Windows/System32 directory
.
Event Viewer Command Line –
By using eventquery.vbs
, we can generate events selectively. An event log file list may contain parameters such as the event source, event ID, event date, event type (warning, information, and error), and the name of the event log file (security, IE, system, application, etc). This script file is used in the following examples.
To list all the events/activities that were generated by a specific application or service.
cscript eventquery.vbs /FI "source eq source_name"
Here is an example of how you can run the below command to list the events generated by DHCP.
cscript eventquery.vbs /FI "source eq dhcp"
Here is the list of all Outlook events:
cscript eventquery.vbs /FI "source eq outlook"
You can find an event by its id.
cscript eventquery.vbs /FI "id eq id_number"
To list the events occurring within an application after a certain period:
cscript.exe eventquery.vbs /FI "DateTime gt 11/13/2010,01:00:00AM"
You can print all warnings from the application log file by following these steps:
cscript eventquery.vbs /L application /FI "type eq warning"
A user’s error events will be logged in this manner:
cscript eventquery.vbs /FI "user eq domainname\username" /FI "type eq error"
Note: Windows 7 does not support this script.
You may also like: Net Share Command: List – Create – Delete Network Shares from CMD