Eventcreate command in Windows

The eventcreate command allows the admin to create custom events in the specified event log. For an example of how to use this command, please see the example below.

The eventcreate command allows the admin to create custom events in the specified event log. For an example of how to use this command, please see the example below.

Eventcreate command syntax

 eventcreate [/s [/u [/p ]] {[/l {APPLICATION|SYSTEM}]|[/so ]} /t {ERROR|WARNING|INFORMATION|SUCCESSAUDIT|FAILUREAUDIT} /id /d 

Parameters

Parameter Description / s Specifies the name or IP address of the remote computer (do not use a backslash). The default is the local computer. / u Run the command with the user account rights specified by or. The default is the currently logged-in user rights on the computer that is issuing the command. / p Specifies the password of the user account specified in the / u parameter . / l {APPLICATION | SYSTEM} Specifies the name of the event log where the event was created. Valid login name is APPLICATION and SYSTEM. / so Specify the source to use for the event. Valid sources can be any string and must represent the application or event creation component. SUCCESSAUDIT | FAILUREAUDIT} Specify the type of event to create. Valid categories are ERROR, WARNING, INFORMATION, SUCCESSAUDIT and FAILUREAUDIT. / id Specifies the event ID number for the event. Valid ID is any number between 1 and 1000. / d Specifies the description to use for the newly created event. /? Show help at the command prompt.

Note

Unable to write custom events to the security log.

For example

 eventcreate /t error /id 100 /l application /d "Create event in application log" eventcreate /t information /id 1000 /so winmgmt /d "Create event in WinMgmt source" eventcreate /t error /id 2001 /so winword /l application /d "new src Winword in application log" eventcreate /s server /t error /id 100 /l application /d "Remote machine without user credentials" eventcreate /s server /u user /p password /id 100 /t error /l application /d "Remote machine with user credentials" eventcreate /s server1 /s server2 /u user /p password /id 100 /t error /so winmgmt /d "Creating events on Multiple remote machines" eventcreate /s server /u user /id 100 /t warning /so winmgmt /d "Remote machine with partial user credentials" 

See more:

  1. Endlocal command in Windows
  2. Expand command in Windows
  3. Exit command in Windows
3.7 ★ | 23 Vote