Categories
Windows 2008

Server Core : Query the Event Log from the Command Line

Server Core : Query the Event Log from the Command Line

Use the following command to list events in the SYSTEM event log between 9th March 00:00 to 15:00:

{code lang:css showtitle:false lines:false hidden:false}wevtutil qe system “/q:*[System[TimeCreated[@SystemTime>=’2012-03-09T00:00:00′ and @SystemTime<‘2012-03-09T15:00:00’]]]” /f:text{/code}

Use the following command to query the SYSTEM event log for any event at or after midnight on 12th March:

{code lang:css showtitle:false lines:false hidden:false}wevtutil qe system “/q:*[System[TimeCreated[@SystemTime>=’2012-03-12T00:00:00′]]]” /f:text{/code}

 

Leave a Reply

Your email address will not be published. Required fields are marked *