We can open event viewer console from command prompt or from Run window by running the command eventvwr. To retrieve the events information from log files in command line we can use eventquery.vbs. This file can be found in the directory C:\Windows\System32.
Using eventquery.vbs we can dump the events selectively based on various parameters. These parameters include event source, event id, event date, event type(information, error , warning), event log file name(system, application, security, IE etc). Below are few examples on how to use this script file.
To list all the events that are created by a particular service/application.
cscript eventquery.vbs /FI "source eq source_name"
For example to list all the events that are created by DHCP you can run the below command.
cscript eventquery.vbs /FI "source eq dhcp"
To list all the events originated from Outlook:
cscript eventquery.vbs /FI "source eq outlook"
To list the events with a specific id.
cscript eventquery.vbs /FI "id eq id_number"
To list application events that have occurred after a specific time
cscript.exe eventquery.vbs /FI "DateTime gt 11/13/2010,01:00:00AM"
To print all warning events from application log file:
cscript eventquery.vbs /L application /FI "type eq warning"
To dump all the error events generated by a particular user:
cscript eventquery.vbs /FI "user eq domainname\username" /FI "type eq error"
This script is not supported in Windows 7.
{ 1 comment… read it below or add one }
very helpful.thanks