What is WevtUtil and how do you use it?

WevtUtil.exe is a command-line utility in the Windows operating system, used primarily to register your event provider on the computer. The tool is located in the %windir%\System32 folder. Its commands are restricted to members of the Administrators group and should be run from an elevated prompt. In this article, we explain how to use this built-in tool on Windows 11 or Windows 10 computers.

What is C:\Windows\System32\WevtUtil.exe?

The process known as Windows Events Command Line Utility is native to Microsoft’s Windows operating system. The wevtutil.exe file is located in the C:\Windows\System32 folder. The file size on Windows 11/10 is 171008 bytes. WevtUtil.exe is a core Windows system file.

What is WevtUtil and how do you use it?

The WevtUtil.exe command allows you to retrieve information about event logs and publishers. You can use it to get metadata about a provider, its events and the channels it logs to, and to query events from a channel or from a saved log file.

PC users can run the WevtUtil command to:

  • Retrieve information about event logs and publishers.
  • Archive logs in a stand-alone format.
  • List the available logs.
  • Install and uninstall event manifests.
  • Run queries.
  • Export events (from an event log, a log file, or a structured query) to a specified file.
  • Clear event logs.

To get usage information, enter wevtutil /? at a command prompt.

Using the WevtUtil Command

Let’s take a look at the basic usage of the WevtUtil command on Windows 11/10 system.

Press Windows key + R, type cmd and press Enter to open the Command Prompt. You can also open Windows Terminal and select the Command Prompt profile. In the CMD prompt, run the commands below for the corresponding task(s).

Note: Most options for WevtUtil are not case-sensitive, but the embedded help is and should be requested in UPPERCASE. To retrieve event log data, the PowerShell cmdlet Get-WinEvent is easier to use and more flexible.

  • List the names of all logs:
wevtutil el
  • View System log configuration information on the local computer in XML format:
wevtutil gl System /f:xml
  • Use a configuration file to set event log attributes (see Remarks for an example configuration file):
wevtutil sl /c:config.xml
  • View information about the Microsoft-Windows-Eventlog event publisher, including metadata about the events the publisher can raise:
wevtutil gp Microsoft-Windows-Eventlog /ge:true
  • Install publishers and logs from the myManifest.xml manifest file:
wevtutil im myManifest.xml
  • Uninstall publishers and logs from the myManifest.xml manifest file:
wevtutil um myManifest.xml
  • View the three most recent Application log events in text format:
wevtutil qe Application /c:3 /rd:true /f:text
  • View Application log status:
wevtutil gli Application
  • Export System log events to C:\backup\system0506.evtx:
wevtutil epl System C:\backup\system0506.evtx
  • Clear all Application log events after saving them to C:\admin\backups\a10306.evtx:
wevtutil cl Application /bu:C:\admin\backups\a10306.evtx
  • Clear all Application log events:
wevtutil clear-log Application
  • Clear every event log on the computer (batch file; %%G is the batch-file form of the loop variable):
@echo off
rem Enumerate every log name and clear each one in turn.
for /f "tokens=*" %%G in ('wevtutil.exe el') do (wevtutil.exe cl "%%G")
  • Export events from the System log to C:\backup\ss64.evtx:
wevtutil export-log System C:\backup\ss64.evtx
  • List event publishers on the current computer:
wevtutil enum-publishers
  • Uninstall publishers and logs from the SS64.man manifest file:
wevtutil uninstall-manifest SS64.man
  • Enable the Task Scheduler operational log (output and errors are discarded to the nul device):
wevtutil set-log "Microsoft-Windows-TaskScheduler/Operational" /e:true >nul 2>&1
  • View the 50 most recent Application log events in text format:
wevtutil qe Application /c:50 /rd:true /f:text
  • Find the last 20 boot events in the System log (Event ID 12 records an operating system start):
wevtutil query-events System /count:20 /rd:true /format:text /q:"Event[System[(EventID=12)]]"
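The note above points out that Get-WinEvent is the easier way to read event data, and the list mixes querying, archiving and clearing. The script below is an added example written for this article, not code from the original page or from Microsoft: it gives PowerShell equivalents of the boot-event query (EventID=12), the epl archive with a read-back check, and, because clearing a log is itself recorded, a function that lists who cleared which log (Security Event ID 1102, System Event ID 104). It assumes an elevated session, since the Security log and wevtutil epl/cl need administrator rights, and an archive folder of C:\backup, which is an assumption you can change.

```powershell
# Added example, not part of the original article. Assumes an elevated
# PowerShell session and an archive folder of C:\backup (assumed location).

function Get-RecentBootEvents {
    # Equivalent of:
    #   wevtutil qe System /c:20 /rd:true /f:text /q:"Event[System[(EventID=12)]]"
    # Event ID 12 from Microsoft-Windows-Kernel-General records an OS start.
    param([int]$Count = 20)
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 12 } -MaxEvents $Count |
        Select-Object TimeCreated, Id, ProviderName, Message
}

function Get-LogClearedEvents {
    # Clearing a log is itself an event: the Security log records ID 1102 when
    # it is cleared, and the System log records ID 104 when any other log is
    # cleared (wevtutil cl, Clear-EventLog and Event Viewer all produce it).
    # The message names the account that performed the clear, so these two IDs
    # are the first thing to review when a log that should be full is empty.
    param([int]$Days = 30)
    $since = (Get-Date).AddDays(-$Days)
    $filters = @(
        @{ LogName = 'Security'; Id = 1102; StartTime = $since },
        @{ LogName = 'System';   Id = 104;  StartTime = $since }
    )
    # -ErrorAction SilentlyContinue: Get-WinEvent throws when a filter matches nothing.
    $events = foreach ($f in $filters) {
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue
    }
    $events | Sort-Object TimeCreated -Descending |
        Select-Object TimeCreated, LogName, Id, MachineName, Message
}

function Export-LogArchive {
    # Equivalent of "wevtutil epl System C:\backup\system0506.evtx", with a
    # timestamped file name so repeated archives never overwrite each other,
    # followed by a read-back so a truncated or empty archive is noticed now
    # rather than during an investigation.
    param(
        [Parameter(Mandatory)][string]$LogName,
        [string]$Folder = 'C:\backup'   # assumed location
    )
    New-Item -ItemType Directory -Path $Folder -Force | Out-Null
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $safe   = $LogName -replace '[\\/]', '-'   # "Vendor/Operational" -> file-safe name
    $target = Join-Path $Folder ("{0}-{1}.evtx" -f $safe, $stamp)

    & wevtutil.exe epl $LogName $target
    if ($LASTEXITCODE -ne 0) { throw "wevtutil epl $LogName failed with exit code $LASTEXITCODE" }

    # Get-WinEvent -Path reads the .evtx directly, like "wevtutil qe <file> /lf:true".
    $first = Get-WinEvent -Path $target -MaxEvents 1 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Log      = $LogName
        File     = $target
        SizeKB   = [math]::Round((Get-Item $target).Length / 1KB)
        Readable = [bool]$first
    }
}

# Usage
Get-RecentBootEvents -Count 20 | Format-Table TimeCreated, Id, ProviderName -AutoSize
Get-LogClearedEvents -Days 30  | Format-Table TimeCreated, LogName, Id, MachineName -AutoSize
Export-LogArchive -LogName 'System'
```

Export-LogArchive deliberately keeps wevtutil for the archive step, because epl produces a native .evtx that Event Viewer and Get-WinEvent -Path can both open; the PowerShell side only adds the naming and the verification that the file is readable.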

The WevtUtil.exe command can control almost every aspect of Event Viewer and its logs, which is why it takes so many parameters and switches. To see the main syntax structure for WevtUtil.exe and learn more about this native tool, see the Microsoft documentation.

I hope you find this article informative enough!

How do I use Windows Logs?

To access Event Viewer in Windows 11, Windows 10, and Server, follow these steps:

  • Right click on the Start button.
  • Select Control Panel > System and Security.
  • Double click Administrative tools.
  • Double click Event Viewer.
  • Select the type of logs you want to view (ex: application, system).

What do system logs show?

On a Windows 11/10 computer, the System Log (Syslog) contains a record of operating system (OS) events that show how system processes and drivers were loaded. Syslog displays informational, error, and warning events related to the computer’s operating system.

Can I delete log files?

By default, DB does not delete log files for you. Because of this, the database log files will eventually grow to consume an unnecessarily large amount of disk space. To guard against this, you should periodically take administrative action to delete log files that are no longer used by your application. You can delete application-level log files via System view > Database properties > Business view. Expand the Planning application type and the application that contains the log files you want to delete. Right-click the app and select Delete Log.


Steven L. Nielsen