{"id":6503,"date":"2019-07-04T23:12:36","date_gmt":"2019-07-04T21:12:36","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=6503"},"modified":"2019-07-05T09:13:49","modified_gmt":"2019-07-05T07:13:49","slug":"windows-export-eventlog-from-command-line","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/windows-export-eventlog-from-command-line\/","title":{"rendered":"Windows: Export EventLog from command line"},"content":{"rendered":"<p>Hi,<\/p>\n<p>Windows has a built-in command line utility to deal with EventLogs: <strong>wevtutil<\/strong><br \/>\n<!--https:\/\/docs.microsoft.com\/de-de\/windows-server\/administration\/windows-commands\/wevtutil--><br \/>\nSome examples.<br \/>\n<!--more--><br \/>\nList all registered EventLogs<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nD:\\&gt; wevtutil el\r\n<\/pre>\n<p>Export the System EventLog to a file<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nD:\\&gt; wevtutil epl System %temp%\\%Computername%_System_log.evtx\r\n<\/pre>\n<p>Or the Remote Desktop EventLog to a file<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nD:\\&gt; wevtutil epl Microsoft-Windows-RemoteDesktopServices-RdpCoreTS\/Operational %temp%\\%Computername%_rdp_log.evtx\r\n<\/pre>\n<p>Search the last 100 entries in the Application EventLog for an event with ID 1704, output as text<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nD:\\&gt; wevtutil qe Application \/q:&quot;Event\/System\/EventID=1704&quot; \/c:100 \/f:text\r\n<\/pre>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, Windows has a built-in command line utility to deal with EventLogs: wevtutil Some 
examples.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[1355,1356,394,1357,20],"class_list":["post-6503","post","type-post","status-publish","format-standard","hentry","category-windowsknowhow","tag-event-log","tag-event-log-from-command-line","tag-export","tag-wevtutil","tag-windows-2"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/6503","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=6503"}],"version-history":[{"count":5,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/6503\/revisions"}],"predecessor-version":[{"id":6509,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/6503\/revisions\/6509"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=6503"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=6503"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=6503"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}