Event viewer command line (CMD)

We can open the Event Viewer console from the command prompt or from the Run window by running the command eventvwr. To retrieve event information from the log files on the command line, we can use eventquery.vbs. This file can be found in the directory C:\Windows\System32.

Using eventquery.vbs we can dump events selectively based on various parameters. These parameters include event source, event ID, event date, event type (information, error, warning) and event log file name (system, application, security, IE, etc.). Below are a few examples of how to use this script.

To list all the events created by a particular service or application:

cscript eventquery.vbs /FI "source eq source_name"

For example, to list all the events created by DHCP, run the command below.

cscript eventquery.vbs /FI "source eq dhcp"

To list all the events originated from Outlook:

cscript eventquery.vbs /FI "source eq outlook"

To list the events with a specific ID:

cscript eventquery.vbs /FI "id eq id_number"

To list application events that have occurred after a specific time:

cscript.exe eventquery.vbs /L application /FI "DateTime gt 11/13/2010,01:00:00AM"

To print all warning events from application log file:

cscript eventquery.vbs /L application /FI "type eq warning"

To dump all the error events generated by a particular user:

cscript eventquery.vbs /FI "user eq domainname\username" /FI "type eq error"

This script is not supported in Windows 7.
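
On Windows 7 and later, the same selections can be made from PowerShell with the built-in Get-WinEvent cmdlet. The wrapper below is an added example, not part of the original article; the function name Find-EventLogEntry and its parameter names are hypothetical and were chosen to mirror the /L and /FI options shown above.

```powershell
# Added example (not from the original page). Find-EventLogEntry and its
# parameter names are hypothetical; they mirror the /L and /FI options above.
function Find-EventLogEntry {
    [CmdletBinding()]
    param(
        [string[]]$Log = @('Application', 'System'),  # /L
        [string]$Source,       # /FI "source eq ..."
        [int[]]$Id,            # /FI "id eq ..."
        [ValidateSet('Error', 'Warning', 'Information')]
        [string]$Type,         # /FI "type eq ..."
        [datetime]$After,      # /FI "DateTime gt ..."
        [string]$User,         # /FI "user eq domain\user"
        [int]$MaxEvents = 200
    )

    # Level numbers from the event schema; Event Viewer shows 0 and 4 as Information.
    $levels = @{ Error = 2; Warning = 3; Information = @(0, 4) }

    $filter = @{ LogName = $Log }
    if ($Source) { $filter.ProviderName = $Source }
    if ($PSBoundParameters.ContainsKey('Id')) { $filter.Id = $Id }
    if ($Type)   { $filter.Level = $levels[$Type] }
    if ($After)  { $filter.StartTime = $After }
    if ($User) {
        # Event records carry the account as a SID, so resolve the name first.
        $account = New-Object System.Security.Principal.NTAccount($User)
        $filter.UserID = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    }

    try {
        Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop |
            Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName, Message
    }
    catch {
        # Get-WinEvent reports an error when nothing matches; treat that as an empty result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }
}

# Counterparts of the eventquery.vbs commands above (sample values are constructed):
Find-EventLogEntry -Log System -Source 'Service Control Manager'
Find-EventLogEntry -Log Application -Type Warning
Find-EventLogEntry -Log Application -After ([datetime]'2010-11-13 01:00:00')
Find-EventLogEntry -Type Error -User "$env:USERDOMAIN\$env:USERNAME"
```

The -Source value must match a provider name as shown in the Source column of Event Viewer, and adding Security to -Log requires an elevated prompt.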

5 comments
  • chic

    Very helpful. Thanks

  • kaushlendra

    very useful :)

  • NJ

    How to count number of files based on extension from cmd or bash script?

  • noob

    You said this script doesn’t support it on Windows 7. How to implement it?

  • nnnqw

    save this content in c:\bullshit.bat (if you have difficulties to save it like .bat ask someone’s help that knows more than you)

    wevtutil.exe cl Application
    wevtutil.exe cl Security
    wevtutil.exe cl Setup
    wevtutil.exe cl System

    then go to Control Panel \ Administrative Tools \ Task Scheduler

    right click on left to Task Scheduler Library then on Create Task…
    on the popup that will appear the General tab will be active and you should fill a name there, put anything (I fill it bullshit)
    then press Triggers then New from da left bottom then Begin a task, then put it At log on option from that small popup…
    on the bottom check repeat task every then click the box after this and put it 5 minutes then click the box after “for a duration of:” set it Indefinitely.

    click on top Actions then in da bottom New…
    now in da box “Program/script” put this like is here
    start "C:\bullshit.bat"
    so is start, blank space, comma, C:\bullshit.bat, comma again (I write this if the script of this forum will cancel commas or something inside this command you need to fill it right supposing you already save on c:\ the bullshit.bat batch command I explain you on top of my comment)
    now the system will clean all windows event logs for you
