This command-line utility can be used to dump an event log into a tab-separated text file. It can also be used to apply a filter to find or exclude certain event types. You can use this utility to dump the event log of both local and remote systems.
The options for this utility are:
Option              Meaning
-s servername       Specifies the server whose event log to dump. Leading
                    backslashes on the server name are optional.
-f filename         Specifies the output file. The default is STDOUT.
-l logname          Specifies which log (system, application, or security) to
                    dump. If you specify an invalid log name, the application
                    log will be dumped.
-m sourcename       Specifies the source (such as Rdr, Serial, and so on) from
                    which to dump records. You can supply only one source. If
                    you do not include this option, all events are dumped. If
                    you specify a source that is not registered in the
                    Registry, the application log will be searched for records
                    of this type.
-e n1 n2 n3 ...     Filters for event ID nn (you can specify up to 10 event
                    IDs). If you include the -r switch, all records except
                    records of these types are dumped. If you do not include
                    the -r option, only records of these types are dumped, and
                    all events from the specified sourcename are selected. You
                    cannot use this option without the -m option.
-r                  Specifies whether to apply a filter to find or exclude
                    specified sources or records.
-t                  If you include this option, individual strings are
                    separated by tabs. If you do not include this option, they
                    are separated by spaces.
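The -m, -e and -r options interact, so it is worth being sure which records a given combination leaves out of a dump before relying on it for review. The following Python model is an added example, not the utility's own code: it encodes one reading of the table above, and the Event type, the select function, the sample records, case-insensitive source matching and the rejection of -r without -m are all assumptions of the example.

```python
from dataclasses import dataclass

MAX_EVENT_IDS = 10  # the table says -e takes up to 10 event IDs


@dataclass(frozen=True)
class Event:
    source: str
    event_id: int


# Constructed sample records; they do not come from a real event log.
SAMPLE = [
    Event("Rdr", 2013),
    Event("Rdr", 3012),
    Event("Serial", 11),
    Event("garbase", 1),
]


def select(events, source=None, event_ids=(), exclude=False):
    """Return the records kept for -m source, -e event_ids and -r (exclude)."""
    if event_ids and source is None:
        raise ValueError("-e cannot be used without -m")
    if len(event_ids) > MAX_EVENT_IDS:
        raise ValueError("-e accepts at most 10 event IDs")
    if source is None:
        if exclude:
            # Assumption: the table does not describe -r on its own.
            raise ValueError("-r without -m is not modelled here")
        return list(events)  # no -m: all events are dumped

    wanted_ids = set(event_ids)

    def matches(ev):
        # Assumption: source names compare case-insensitively.
        if ev.source.lower() != source.lower():
            return False
        # With no -e, every event from the source matches.
        return not wanted_ids or ev.event_id in wanted_ids

    # Without -r keep only the matches; with -r keep everything else.
    return [ev for ev in events if matches(ev) != exclude]


if __name__ == "__main__":
    for ev in select(SAMPLE, source="rdr", event_ids=[2013]):
        print(ev)
```
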
To dump the system event log on server \\Eventsvr to a file Event.out:
To dump the local system event log, including only Rdr events with event ID 2013:
To dump the local application log, and include all events except ones from the garbase source: