The Windows event log is the first place to look when problems occur on a Windows PC. The event log is normally managed through the Windows Event Viewer (services.msc). What very few Windows users or administrators know is that there is also a command-line tool for working with the Windows event log. The command is
WEVTUTIL
This command-line tool, which Microsoft ships free of charge with every Windows version, is used to retrieve information about event logs. With it, you can install and uninstall event manifest files and query, explore, delete and archive event logs. The individual functions are selected through an extensive parameter list.
Wevtutil parameter | Long form | Description of the parameter |
---|---|---|
el | enum-logs | Lists the log names. |
gl | get-log | Gets the log configuration information. |
sl | set-log | Changes the configuration of a log. |
ep | enum-publishers | Retrieves the publisher configuration information. |
im | install-manifest | Installs event publishers and logs from the manifest file. |
um | uninstall-manifest | Uninstalls event publishers and logs from the manifest file. |
qe | query-events | Queries events from a log or a log file. |
gli | get-log-info | Gets the log status information. |
epl | export-log | Exports a log. |
al | archive-log | Archives an exported log. |
cl | clear-log | Deletes a log. |
Here are a few examples of calling the "wevtutil" tool, each with an explanation.
Overview of all event log names
With the following command you can get an overview of all available Windows event log names.
wevtutil el
Below you can see the command and the display of the first available event logs.
Clear event log by command
With the following command you can then delete individual event logs completely. As an example, we have completely deleted the “Application” event log. The complete command is:
wevtutil cl Application
If you open the event log via "services.msc" after issuing the command, the "Application" event log is completely empty. You can also tell from the fact that "Number of events: 0" is displayed.
Most of the parameters of the "wevtutil" command are self-explanatory and very easy to use. We find the tool very useful and use it relatively often.
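Because a single "wevtutil cl" call empties a whole log, administrators often want to know when and where it was run. The following added example (not part of the original article) scans constructed process command lines for the short and long clear forms from the parameter table and reports the affected log and any backup file given; the function names and sample lines are assumptions made for illustration.

```python
# Added example: function names and sample command lines are illustrative.
import re

# Short and long form of the clear command, from the parameter table above.
CLEAR_VERBS = {"cl", "clear-log"}
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')  # a "quoted string" stays one token

def parse_clear(command_line):
    """Return {'log', 'backup'} if the line clears an event log, else None."""
    tokens = [t.replace('"', "") for t in TOKEN.findall(command_line)]
    for i, tok in enumerate(tokens):
        # Match the bare name, the .exe name, or a full path to it.
        if re.split(r"[\\/]", tok)[-1].lower() in ("wevtutil", "wevtutil.exe"):
            args = tokens[i + 1:]
            break
        if " " in tok:  # quoted inner command, e.g. cmd.exe /c "wevtutil cl System"
            nested = parse_clear(tok)
            if nested:
                return nested
    else:
        return None
    # wevtutil commands and options are not case-sensitive.
    if not args or args[0].lower() not in CLEAR_VERBS:
        return None
    log, backup = None, None
    for arg in args[1:]:
        if arg.lower().startswith(("/bu:", "/backup:")):
            backup = arg.split(":", 1)[1]  # archive written before the clear
        elif not arg.startswith("/") and log is None:
            log = arg
    return {"log": log, "backup": backup}

def find_log_clears(command_lines):
    """Return (command_line, finding) pairs for every line that clears a log."""
    return [(line, hit) for line in command_lines if (hit := parse_clear(line))]

# Constructed process command lines (not taken from a real system).
SAMPLE = [
    "wevtutil el",
    "wevtutil cl Application",
    r'"C:\Windows\System32\wevtutil.exe" CLEAR-LOG Security',
    r'wevtutil.exe cl "Microsoft-Windows-PowerShell/Operational" /bu:"C:\Log Archive\ps.evtx"',
    r"wevtutil epl Application C:\backup\app.evtx",
    'cmd.exe /c "wevtutil cl System"',
]

if __name__ == "__main__":
    for line, finding in find_log_clears(SAMPLE):
        print(f"log={finding['log']!r} backup={finding['backup']!r}  <- {line}")
```

Clearing a log also writes its own record (Event ID 104 in the System log, Event ID 1102 in the Security log when Security is cleared), so command-line matching is best paired with an alert on those events.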