Windows: Export EventLog from command line

2 clicks for more data protection: Only when you click here, the button will be come active and you can send your recommendation to Flattr. When activating, data are transmitted to third parties. nicht mit Flattr verbunden
When you activate these fields by clicking, information to Flattr may be transferred abroad, and probably may also stored there.

Hi,

Windows has a builtin command line utility to deal with Eventlogs: wevtutil

Some examples.

List all registered Eventlogs

1	`D:\> wevtutil el`

Export the System EventLog to a file

1	`D:\> wevtutil epl System %temp%\%Computername%_System_log.evtx`

Or the Remote Desktop EventLog to a file

D:\> wevtutil epl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational %temp%\%Computername%_rdp_log.evtx

Search the last 100 Entries in Application EventLog for an Event with ID 1704 as Text

1	`D:\> wevtutil qe Application` `/q:"Event/System/EventID=1704"` `/c:100` `/f:text`

Michael

2 thoughts on “Windows: Export EventLog from command line”

how can i export specific event id in Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational via using epl command?

Michael says:

May 18, 2020 at 3:45 PM

Hi Bab,

really straightforward

1
D:\> wevtutil qe Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational /q:"Event/System/EventID=148"

or to file

1
D:\> wevtutil epl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational /q:"Event/System/EventID=148" %temp%\test.evtx

Michael

Log in to Reply

Michls Tech Blog