HomeTechnologyBasic knowledge

Eventquery command in Windows

Applies to : Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2, Windows Server 2012.

Note: The eventquery command is not accepted and is not guaranteed to be supported in subsequent versions of Windows. This tool is integrated in Windows Server 2003.

The eventquery command lists events and event properties from one or more event logs.

Eventquery command syntax

 eventquery[.vbs][/s Computer [/u Domain**User [/p** Password]]][/fi FilterName][/fo {TABLE | LIST | CSV}][/r EventRange [/nh] [/v] [/l [APPLICATION] [SYSTEM] [SECURITY] ["DNS server"] [UserDefinedLog] [DirectoryLogName] [*] ]

Parameters

Parameter Description

/ s Computer

Specify the name or IP address of the computer (do not use a backslash). The default is the local computer. / u Domain User Run the script with the user account privileges specified by the User or Domain **** User. The default is the currently logged-in user rights on the computer that is issuing the command. / p Password Specifies the password of the user account specified in the / u parameter . / fi FilterName Specifies the type of event to be included or excluded from the query. The following is the valid filter name, operator and value. / fo { TABLE | LIST | CSV } Specifies the format to use for output. Valid values ​​are tables, lists and csv. / r EventRange Specifies the event range to list. / nh Remove the column headers in the output. Valid only for table format and csv. / v Specifies that detailed event information is displayed in the output. / l [ APPLICATION ] [SYSTEM] [ SECURITY ] ["DNS server"] [ UserDefinedLog ] [ DirectoryLogName ] [ * ] Specifies the log (s) to follow. Valid values ​​are Application , System , Security , "DNS server" , user defined log and Directory log. " DNS server " can only be used if the DNS service is running on the computer specified by the / s parameter . To specify more than one record to track, reuse the / l parameter . Wildcard ( * ) can be used and is the default. /? Show help at the command prompt.

Note

To run this script, you must be running CScript. If you have not set the default Windows Script Host to CScript, enter:

 cscript //h:cscript //s //nologo

For example

The following examples show how you can use the eventquery command:

 eventquery / l system 
 eventquery / l mylog 
 eventquery / l application / l system 
 eventquery / s srvmain / u maindomhiropln / pp @ ssW23 / v / l * 
 eventquery / r 10 / l application / nh 
 eventquery / r-10 / fo LIST / l security 
 eventquery / r 5-10 / l "DNS server" 
 eventquery / fi "Type eq Error" / l application 
 eventquery / fi "Datetime eq 06/25 / 00.03: 15:00 AM/06/25/00.03: 15: 00PM" / l application 
 eventquery / fi "Datetime gt 08/03 / 00.06: 20: 00PM" / fi "id gt 700" / fi "Type eq warning" / l system

See more:

  1. What is an IP address?
  2. Endlocal command in Windows
  3. Edit command in Windows
4 ★ | 21 Vote

You should read it

May be interested

  • Instructions for using Command PromptInstructions for using Command Prompt
    deep in windows is a command-line world that is obscure. in this article, we will show you how to solve errors and make your computer more secure.
  • Rd command in WindowsRd command in Windows
    the rd command helps delete a directory
  • Cmd command in WindowsCmd command in Windows
    the cmd command starts a new version of the command interpreter, cmd.exe. if used without parameters, cmd will display copyright information and the version of the operating system.
  • How to use the command history function in Command PromptHow to use the command history function in Command Prompt
    command prompt is an extremely familiar command for anyone using windows operating system. besides, a lot of current software also supports the command line to perform actions on the command prompt window, instead of on the screen.
  • The sfc command in WindowsThe sfc command in Windows
    (applies to windows server (semi-annual channel), windows server 2016, windows server 2012 r2, windows server 2012)
  • Reg command copy in WindowsReg command copy in Windows
    to copy an entry to the location specified on the local pc or the remote computer we will use the reg copy command. to learn more about how to use the reg copy command, you can track the syntax, explain the command parameters and the example tipsmake.com has compiled below.
  • Fc command in WindowsFc command in Windows
    the fc command compares two files or a collection of files and displays the differences between them.
  • The echo command in WindowsThe echo command in Windows
    the echo command displays the message or turns on / off the command repeat feature. if used without parameters, the echo command will display the current echo setting.
  • Xcopy command in WindowsXcopy command in Windows
    the xcopy command is a command prompt command used to copy one or more files or folders from one location to another. with many options and the ability to copy entire directories, the xcopy command is similar to, but much more powerful, than the copy command.
  • The cacls command in WindowsThe cacls command in Windows
    the cacls command displays or modifies an arbitrary access control list (dacl) on the specified file. the command applies to windows server (semi-annual channel), windows server 2016, windows server 2012 r2, windows server 2012.

Basic knowledge