| 0x1 | 無法開啟設定檔: %1!s!。%0 |
Failed to open config file: %1!s!.%0 |
| 0x2 | 不正確的設定檔。%0 |
Invalid config file.%0 |
| 0x3 | 無法初始化 COM。%0 |
Failed to initialize COM.%0 |
| 0x4 | 無法取得 %1!s! 內容。%0 |
Failed to get %1!s! property.%0 |
| 0x5 | 無法設定 %1!s! 內容。%0 |
Failed to set %1!s! property.%0 |
| 0x6 | 不支援命令 %1!s!。%0 |
Command %1!s! is not supported.%0 |
| 0x7 | 不正確的選項 %1!s!。未指定選項名稱。%0 |
Invalid option %1!s!. Option name is not specified.%0 |
| 0x8 | 不正確的選項 %1!s!。選項已經被指定過一次以上。%0 |
Invalid option %1!s!. Option is specified more than once.%0 |
| 0xA | 不正確的選項 %1!s!。未指定選項值。%0 |
Invalid option %1!s!. Option value is not specified.%0 |
| 0xB | 不正確的選項 %1!s!。選項不是布林值。%0 |
Invalid option %1!s!. Option is not Boolean.%0 |
| 0xC | 不正確的選項 %1!s!。不支援此選項。%0 |
Invalid option %1!s!. Option is not supported.%0 |
| 0xD | 選項 %1!s! 的值無效。%0 |
Invalid value for option %1!s!.%0 |
| 0xE | 選項 %1!s! 與 %2!s! 不可同時指定。%0 |
option %1!s! and %2!s! cannot be specified at the same time.%0 |
| 0xF | 指定太多引數。%0 |
Too many arguments are specified.%0 |
| 0x10 | 未指定必要引數。%0 |
Required argument(s) is/are not specified.%0 |
| 0x11 | 內部錯誤。%0 |
Internal error.%0 |
| 0x12 | 無法開啟伺服器工作階段: %1!s!。%0 |
Failed to open session to server: %1!s!.%0 |
| 0x13 | 無法讀取密碼。%0 |
Failed to read password.%0 |
| 0x14 | 未指定命令。%0 |
Command is not specified.%0 |
| 0x15 | 無法開啟發行者 %1!s! 的中繼資料。%0 |
Failed to open metadata for publisher %1!s!.%0 |
| 0x16 | 無法開啟發行者列舉。%0 |
Failed to open publisher enumeration.%0 |
| 0x17 | 無法列舉發行者。%0 |
Failed to enumerate publishers.%0 |
| 0x18 | 無法載入資源 %1!s!。%0 |
Failed to load resource %1!s!.%0 |
| 0x19 | 無法開啟發行者 %1!s! 的事件中繼資料。%0 |
Failed to open event metadata for publisher %1!s!.%0 |
| 0x1A | 無法列舉發行者 %1!s! 的事件中繼資料。%0 |
Failed to enumerate event metadata for publisher %1!s!.%0 |
| 0x1B | 無法轉譯事件。事件控制代碼 = 0x%1!08x!。%0 |
Failed to render event. Event handle = 0x%1!08x!.%0 |
| 0x1C | 無法登錄訂閱 %1!s!。%0 |
Failed to register subscription %1!s!.%0 |
| 0x1D | 無法讀取記錄檔 %1!s! 的設定。%0 |
Failed to read configuration for log %1!s!.%0 |
| 0x1E | 無法儲存設定或啟用記錄檔 %1!s!。%0 |
Failed to save configuration or activate log %1!s!.%0 |
| 0x1F | 無法讀取記錄檔 %1!s! 的記錄狀態資訊。%0 |
Failed to read log status information for log %1!s!.%0 |
| 0x20 | 無法載入 XML 文件 %1!s!。%0 |
Failed to load xml document %1!s!.%0 |
| 0x21 | 無法讀取 XML 節點 %1!s!。%0 |
Failed to read xml node %1!s!.%0 |
| 0x22 | 在資訊清單檔案 %1!s! 中找不到assembly/instrumentation/events:events 或events:instrumentationManifest/events:instrumentation/events:events節點。xmlns:events=\"http://schemas.microsoft.com/win/2004/08/events\"%0 |
assembly/instrumentation/events:events or events:instrumentationManifest/events:instrumentation/events:events nodeis not found in manifest file %1!s!.xmlns:events=\"http://schemas.microsoft.com/win/2004/08/events\"%0 |
| 0x23 | 屬性 %1!s! 的值無效。%0 |
Invalid value for property %1!s!.%0 |
| 0x24 | 找不到 LCID %1!s!。%0 |
LCID %1!s! cannot be found.%0 |
| 0x25 | 設定檔的根節點不是訂閱,或其命名空間不正確。%0 |
Root node of config file is not Subscription or in correct namespace.%0 |
| 0x26 | Windows 事件命令列公用程式可讓您抓取關於事件記錄檔與發行者的相關資訊、安裝與解除安裝事件資訊清單、執行查詢,以及匯出、封存和清除記錄檔。使用方式:您可使用簡短 (例如,ep /uni) 或完整 (例如,enum-publishers /unicode)版的命令與選項名稱。命令、選項及選項值不區分大小寫。變數以全大寫表示。wevtutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...]命令:el | enum-logs 列出記錄檔名稱。gl | get-log 取得記錄檔設定資訊。sl | set-log 修改記錄檔設定。ep | enum-publishers 列出事件發行者。gp | get-publisher 取得發行者設定資訊。im | install-manifest 從資訊清單安裝事件發行者與記錄檔。um | uninstall-manifest 從資訊清單解除安裝事件發行者與記錄檔。qe | query-events 從記錄檔查詢事件。gli | get-log-info 取得記錄檔狀態資訊。epl | export-log 匯出記錄檔。al | archive-log 封存匯出的記錄檔。cl | clear-log 清除記錄檔。命令選項:/{r | remote}:VALUE如果指定,會在遠端電腦上執行命令。VALUE 是遠端電腦名稱。選項 /im 與 /um不支援遠端作業。/{u | username}:VALUE指定其他登入遠端電腦的使用者。VALUE 是使用者名稱,格式為網域\\使用者或使用者。必須指定 /r 選項才適用。/{p | password}:VALUE指定之使用者的密碼。如未指定,或如果 VALUE 是 \"*\",系統將提示使用者輸入密碼。必須指定 /u 選項才適用。/{a | authentication}:[Default|Negotiate|Kerberos|NTLM]連線至遠端電腦的驗證類型。預設值為 Negotiate。/{uni | unicode}:[true|false]以 Unicode 顯示輸出。如為 true,會以 Unicode 輸出。若要深入了解特定命令,請輸入:wevtutil COMMAND /? |
Windows Events Command Line Utility.Enables you to retrieve information about event logs and publishers, installand uninstall event manifests, run queries, and export, archive, and clear logs.Usage:You can use either the short (for example, ep /uni) or long (for example, enum-publishers /unicode) version of the command and option names. Commands, options and option values are not case-sensitive.Variables are noted in all upper-case.wevtutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...]Commands:el | enum-logs List log names.gl | get-log Get log configuration information.sl | set-log Modify configuration of a log.ep | enum-publishers List event publishers.gp | get-publisher Get publisher configuration information.im | install-manifest Install event publishers and logs from manifest.um | uninstall-manifest Uninstall event publishers and logs from manifest.qe | query-events Query events from a log or log file.gli | get-log-info Get log status information.epl | export-log Export a log.al | archive-log Archive an exported log.cl | clear-log Clear a log.Common options:/{r | remote}:VALUEIf specified, run the command on a remote computer. VALUE is the remote computer name. Options /im and /um do not support remote operations./{u | username}:VALUESpecify a different user to log on to the remote computer. VALUE is a user namein the form domain\\user or user. Only applicable when option /r is specified./{p | password}:VALUEPassword for the specified user. If not specified, or if VALUE is \"*\", the user will be prompted to enter a password. Only applicable when the /u option isspecified./{a | authentication}:[Default|Negotiate|Kerberos|NTLM]Authentication type for connecting to remote computer. The default is Negotiate./{uni | unicode}:[true|false]Display output in Unicode. If true, then output is in Unicode. To learn more about a specific command, type the following:wevtutil COMMAND /? |
| 0x27 | 值 \"%1!s!\" 對隔離選項而言無效。%0 |
value \"%1!s!\" is invalid for isolation option.%0 |
| 0x28 | 列出所有記錄檔的名稱。使用方式:wevtutil { el | enum-logs }範例:下列範例會列出所有記錄檔的名稱。wevtutil el |
List the names of all logs.Usage:wevtutil { el | enum-logs }Example:The following example lists the names of all logs.wevtutil el |
| 0x29 | 無法開啟通道列舉。%0 |
Failed to open channel enumeration.%0 |
| 0x2A | 無法列舉通道。%0 |
Failed to enumerate channels.%0 |
| 0x2B | 顯示事件記錄檔設定資訊,包括記錄檔是否啟用、目前的記錄檔大小上限,以及儲存記錄檔之檔案的路徑。使用方式:wevtutil { gl | get-log } [/OPTION:VALUE [/OPTION:VALUE] ...]唯一識別記錄檔的字串。您可以執行 wevtutil el,以顯示所有記錄檔名稱清單。選項:您可使用簡短 (例如,/f) 或完整 (例如,/format)版的選項名稱。選項及選項值不區分大小寫。/{f | format}:[XML|Text]指定記錄檔格式。預設值為 Text。如果指定 XML,輸出會以 XML 格式儲存。如果指定 Text,儲存的輸出將不含 XML 標記。範例:下列範例會以 XML 格式顯示關於本機系統記錄檔的設定資訊。wevtutil gl System /f:xml |
Displays event log configuration information, including whether the log isenabled, the current maximum size limit of the log and the path to the filewhere the log is stored.Usage:wevtutil { gl | get-log } [/OPTION:VALUE [/OPTION:VALUE] ...]String that uniquely identifies a log. You can display a list of all the lognames by running wevtutil el.Options:You can use either the short (for example, /f) or long (for example, /format) version of the option names. Options and their values are not case-sensitive./{f | format}:[XML|Text]Specify the log file format. The default is Text. If XML is specified, output is stored in XML format. If Text is specified, output is stored without XML tags. Example:The following example displays configuration information about the local System log in XML format.wevtutil gl System /f:xml |
| 0x2C | 修改記錄檔設定。使用方式:wevtutil { sl | set-log } [/OPTION:VALUE [/OPTION:VALUE] ...]唯一識別記錄檔的字串。如果指定選項 /c,則不應指定 ,因為會從設定檔讀取該資訊。選項:您可使用簡短 (例如,/e) 或完整 (例如,/enable) 版的選項名稱。選項及選項值不區分大小寫。/{e | enabled}:[true|false]啟用或停用記錄檔。/{q | quiet}:[true|false]安靜顯示選項。使用者不會看到任何提示或訊息。如未指定,預設值為 true。/{fm | filemax}:設定要保留事件的啟用項目數目上限,其中的 是介於 1 和 16 之間的整數。每個啟用項目會建立一個檔案,因此,如果此值為 2,將會從前兩個啟用項目產生事件。重新開機會視為停用後再重新啟用通道。/{i | isolation}:[system|application|custom]記錄檔隔離模式。記錄檔的隔離模式決定了記錄檔是否與同一隔離類別中的其他記錄檔共用工作階段。如果您指定系統隔離,目標記錄檔將至少與系統記錄檔共用寫入權限。如果您指定應用程式隔離,目標記錄檔將至少與應用程式記錄檔共用寫入權限。如果您指定自訂隔離,您也必須使用 /ca 選項提供安全性描述元。/{lfn | logfilename}:VALUE記錄檔名稱。VALUE 是事件記錄檔服務儲存此記錄檔事件之檔案的完整路徑。/{rt | retention}:[true|false]記錄檔保留模式。記錄檔保留模式決定了記錄檔達到大小上限時的事件記錄檔服務行為。如果某個事件記錄檔達到其大小上限,且記錄檔保留模式為 true,則會保留現有的事件,並捨棄連入事件。如果記錄檔保留模式為 false,連入事件會覆寫記錄檔中最舊的事件。/{ab | autobackup}:[true|false]記錄檔自動備份原則。如果自動備份為 true,當記錄檔達到大小上限時將自動備份。另外,如果自動備份為 true,保留 (以 /rt 選項指定) 必須設為 true。/{ms | maxsize}:記錄檔大小上限,其中的 是位元組數目。請注意, 的最小值為 1048576(1024KB),而記錄檔永遠會是 64KB 的倍數,因此會自行四捨五入指定的值。/{l | level}:記錄檔的層級篩選,其中的 是任一有效的層級值。僅適用於有專用工作階段的記錄檔。您可以將 設為 0 以移除層級篩選。/{k | keywords}:VALUE記錄檔的關鍵字篩選。VALUE 可以是任一有效的 64 位元關鍵字遮罩。僅適用於有專用工作階段的記錄檔。/{ca | channelaccess}:VALUE事件記錄檔的存取權限。VALUE 是使用 Security Descriptor Definition Language(SDDL) 指定的安全性描述元。請搜尋 MSDN(http://msdn.microsoft.com),了解關於 SDDL 格式的資訊。/{c | config}:VALUE設定檔的路徑,其中的 VALUE 是完整檔案路徑。如果指定,將從此設定檔讀取記錄屬性。如果指定此選項,則不得指定 命令列參數。記錄檔名稱將會自該設定檔中讀取。範例:下列範例會使用設定檔來設定應用程式記錄檔的保留模式、自動備份原則,以及記錄檔的大小上限。請注意,設定檔是 XML 檔案,格式與 wevtutil gl /f:xml 的輸出相同。C:\\config.xml true true 9000000 wevtutil sl /c:config.xml |
Modify the configuration of a log.Usage:wevtutil { sl | set-log } [/OPTION:VALUE [/OPTION:VALUE] ...]String that uniquely identifies a log. If option /c is specified, should not be specified since it is read from the config file.Options:You can use either the short (for example, /e) or long (for example, /enable) version of the option names. Options and their values are not case-sensitive./{e | enabled}:[true|false]Enable or disable a log./{q | quiet}:[true|false]Quiet display option. No prompts or messages are displayed to the user. If not specified, the default is true. /{fm | filemax}:Set Maximum number of enablements across which to preserve events, where is an integer between 1 and 16. One file is created for each enablement, so if this value is 2, events will be produced from the last two enablements. A reboot counts as disabling and then re-enabling the channel. /{i | isolation}:[system|application|custom]Log isolation mode. The isolation mode of a log determines whether a log shares a session with other logs in the same isolation class. If you specify system isolation, the target log will share at least write permissions with the System log. If you specify application isolation, the target log will share at least write permissions with the Application log. If you specify custom isolation, you must also provide a security descriptor by using the /ca option./{lfn | logfilename}:VALUELog file name. VALUE is the full path to the file where the Event Log service stores events for this log./{rt | retention}:[true|false]Log retention mode. The log retention mode determines the behavior of the Event Log service when a log reaches its maximum size. If an event log reaches its maximum size and the log retention mode is true, existing events are retained and incoming events are discarded. If the log retention mode is false, incoming events overwrite the oldest events in the log./{ab | autobackup}:[true|false]Log autobackup policy. If autobackup is true, the log will be backed up automatically when it reaches the maximum size. In addition, if autobackup is true, retention (specified with the /rt option) must be set to true./{ms | maxsize}:Maximum size of log, where is the number of bytes. Note that the minimum value for is 1048576 (1024KB) and log files are always multiples of 64KB, so the specified value will be rounded accordingly./{l | level}:Level filter of log, where is any valid level value. Only applicable to logs with a dedicated session. You can remove a level filter by setting to 0./{k | keywords}:VALUEKeywords filter of log. VALUE can be any valid 64 bit keyword mask. Only applicable to logs with a dedicated session./{ca | channelaccess}:VALUEAccess permission for an event log. VALUE is a security descriptor specifiedusing the Security Descriptor Definition Language (SDDL). Search MSDN(http://msdn.microsoft.com) for information about SDDL format./{c | config}:VALUEPath to the config file, where VALUE is the full file path. If specified, log properties will be read from this config file. If this option is specified, you must not specify the command line parameter. The log name will be read from the config file.Example:The following example sets retention, autobackup and maximum log size on the Application log by using a config file. Note that the config file is an XML file with the same format as the output of wevtutil gl /f:xml.C:\\config.xml true true 9000000 wevtutil sl /c:config.xml |
| 0x2D | 列出事件發行者。使用方式:wevtutil { ep | enum-publishers }範例:下列範例會列出目前電腦上的事件發行者。wevtutil ep |
List event publishers.Usage:wevtutil { ep | enum-publishers }Example:The following example lists the event publishers on the current computer.wevtutil ep |
| 0x2E | 取得事件發行者的設定資訊。使用方式:wevtutil { gp | get-publisher } [/OPTION:VALUE [/OPTION:VALUE] ...]唯一識別事件發行者的字串。您可以輸入 wevtutil ep,以取得發行者名稱清單。選項:您可使用簡短 (例如,/f) 或完整 (例如,/format) 版的選項名稱。選項及選項值不區分大小寫。/{ge | getevents}:[true|false]取得此發行者所發出事件的中繼資料資訊。/{gm | getmessage}:[true|false]顯示實際的訊息,而非數值訊息識別碼。/{f | format}:[XML|Text]指定記錄檔格式。預設值為 Text。如果指定 XML,會以 XML 格式列印輸出。如果指定 Text,列印的輸出將不含 XML 標記。範例:下列範例會顯示關於 Microsoft-Windows-Eventlog 事件發行者的資訊,包括關於發行者可發出之事件的中繼資料。wevtutil gp Microsoft-Windows-Eventlog /ge:true |
Get configuration information for event publishers.Usage:wevtutil { gp | get-publisher } [/OPTION:VALUE [/OPTION:VALUE] ...]String that uniquely identifies an event publisher. You can obtain a list ofpublisher names by typing wevtutil ep.Options:You can use either the short (for example, /f) or long (for example, /format) version of the option names. Options and their values are not case-sensitive./{ge | getevents}:[true|false]Get metadata information for events that can be raised by this publisher./{gm | getmessage}:[true|false]Display the actual message instead of the numeric message ID./{f | format}:[XML|Text]Specify the log file format. The default is Text. If XML is specified, printoutput in XML format. If Text is specified, print output without XML tags.Example:The following example displays information about the Microsoft-Windows-Eventlog event publisher including metadata about the events that the publisher can raise.wevtutil gp Microsoft-Windows-Eventlog /ge:true |
| 0x2F | 從事件記錄檔、記錄檔或使用結構化查詢讀取事件。使用方式:wevtutil { qe | query-events } [/OPTION:VALUE [/OPTION:VALUE] ...]依照預設,您要為 參數提供記錄檔名稱。不過,如果您使用 /lf 選項,則必須為 參數提供記錄檔的路徑。如果您使用 /sq 參數,則必須提供包含結構化查詢之檔案的路徑。選項:您可使用簡短 (例如,/f) 或完整 (例如,/format) 版的選項名稱。選項及選項值不區分大小寫。/{lf | logfile}:[true|false]如為 true, 是記錄檔的完整路徑。/{sq | structuredquery}:[true|false]如為 true, 是包含結構化查詢之檔案的完整路徑。/{q | query}:VALUEVALUE 是篩選所讀取事件的 XPath 查詢。如未指定,將傳回所有事件。當 /sq 為 true 時,無法使用此選項。/{bm | bookmark}:VALUEVALUE 是包含先前查詢的書籤之檔案的完整路徑。/{sbm | savebookmark}:VALUEVALUE 是儲存此查詢的書籤之檔案的完整路徑。副檔名應為 .xml。/{rd | reversedirection}:[true|false]事件讀取方向。如為 true,將優先傳回最新事件。/{f | format}:[XML|Text|RenderedXml]預設值為 XML。如果指定 Text,會以易於讀取的文字格式列印事件,而非 XML 格式。如為 RenderedXml,則會以 XML 格式列印含有轉譯資訊的事件。請注意,列印Text 或 RenderedXml 格式的事件,比列印 XML 格式慢。/{l | locale}:VALUEVALUE 是以特定地區設定列印事件文字的地區設定字串。當使用 /f 選項列印文字格式的事件時才可用。/{c | count}:要讀取的事件數目上限。/{e | element}:VALUE輸出事件 XML 時,包含根元素以產生格式正確的 XML。VALUE 是您想包含在根元素內的字串。例如,指定/e:root 會產生含有根元素對 的輸出 XML。範例:下列範例會以文字格式顯示應用程式記錄檔中最新的三個事件。wevtutil qe Application /c:3 /rd:true /f:text |
Read events from an event log, log file or using structured query.Usage:wevtutil { qe | query-events } [/OPTION:VALUE [/OPTION:VALUE] ...]By default, you provide a log name for the parameter. However, if you usethe /lf option, you must provide the path to a log file for the parameter.If you use the /sq parameter, you must provide the path to a file containing astructured query. Options:You can use either the short (for example, /f) or long (for example, /format) version of the option names. Options and their values are not case-sensitive./{lf | logfile}:[true|false]If true, is the full path to a log file./{sq | structuredquery}:[true|false]If true, is the full path to a file that contains a structured query./{q | query}:VALUEVALUE is an XPath query to filter events read. If not specified, all events will be returned. This option is not available when /sq is true./{bm | bookmark}:VALUEVALUE is the full path to a file that contains a bookmark from a previous query./{sbm | savebookmark}:VALUEVALUE is the full path to a file in which to save a bookmark of this query. The file extension should be .xml./{rd | reversedirection}:[true|false]Event read direction. If true, the most recent events are returned first./{f | format}:[XML|Text|RenderedXml]The default value is XML. If Text is specified, prints events in aneasy to read text format, rather than in XML format. If RenderedXml, prints events in XML format with rendering information. Note that printing events in Text or RenderedXml formats is slower than printing in XML format./{l | locale}:VALUEVALUE is a locale string to print event text in a specific locale. Only available when printing events in text format using the /f option./{c | count}:Maximum number of events to read./{e | element}:VALUEWhen outputting event XML, include a root element to produce well-formed XML.VALUE is the string you want within the root element. For example, specifying/e:root would result in output XML with the root element pair .Example:The following example displays the three most recent events from the Application log in text format.wevtutil qe Application /c:3 /rd:true /f:text |
| 0x30 | 僅 querytype 記錄與 LogFile 才能使用選項查詢。%0 |
Option query is only available for querytype Log and LogFile.%0 |
| 0x31 | 無法開啟事件查詢。%0 |
Failed to open event query.%0 |
| 0x32 | 在指定的書籤找不到事件。%0 |
Failed to seek to event at the specified bookmark.%0 |
| 0x33 | 在指定的事件記錄找不到事件。%0 |
Failed to seek to event at the specified event record.%0 |
| 0x34 | 無法讀取事件。%0 |
Failed to read events.%0 |
| 0x35 | 無法將書籤儲存至檔案 \"%1!s!\"。%0 |
Failed to save bookmark to file \"%1!s!\".%0 |
| 0x36 | 取得關於事件記錄檔或記錄檔的狀態資訊。使用方式:wevtutil { gli | get-loginfo } 記錄檔名稱或記錄檔路徑。如果選項 /lf 為 true,則是記錄檔路徑,且記錄檔的路徑是必要的。如果 /lf 為 false,則是記錄檔名稱。您可以輸入wevtutil el 以檢視記錄檔名稱清單。選項:您可使用簡短 (例如,/lf) 或完整 (例如,/logfile) 版的選項名稱。選項及選項值不區分大小寫。/{lf | logfile}:[true|false]指定是否建立記錄檔。如為 true, 為記錄檔路徑。範例:wevtutil gli Application |
Get status information about an event log or log file.Usage:wevtutil { gli | get-loginfo } Log name or log file path. If option /lf is true, it is a log file path, and the path to the log file is required. If /lf is false, it is the log name. You can view a list of log names by typing wevtutil el.Options:You can use either the short (for example, /lf) or long (for example, /logfile) version of the option names. Options and their values are not case-sensitive./{lf | logfile}:[true|false]Specify whether to create a log file. If true, is the log file path.Example:wevtutil gli Application |
| 0x37 | 從事件記錄檔清除事件,及選擇性地備份清除的事件。使用方式:wevtutil { cl | clear-log } [/OPTION:VALUE]要清除之記錄檔的名稱。您可以輸入 wevtutil el 以抓取記錄檔名稱清單。選項:您可使用簡短 (例如,/bu) 或完整 (例如,/backup) 版的選項名稱。選項及選項值不區分大小寫。/{bu | backup}:VALUE清除之事件的備份檔案。如果指定,清除的事件將儲存到該備份檔案。備份檔案名稱中需包含 .evtx 副檔名。範例:下列範例會先將應用程式記錄檔中的所有事件儲存到 C:\\admin\\backups\\al0306.evtx,然後再清除它們。wevtutil.exe cl Application /bu:C:\\admin\\backups\\al0306.evtx |
Clear events from an event log and, optionally, back up cleared events.Usage:wevtutil { cl | clear-log } [/OPTION:VALUE]Name of log to clear. You can retrieve a list of log names by typingwevtutil el.Options:You can use either the short (for example, /bu) or long (for example, /backup) version of the option names. Options and their values are not case-sensitive./{bu | backup}:VALUEBackup file for cleared events. If specified, the cleared events will be savedto the backup file. Include the .evtx extension in the backup file name.Example: The following example clears all the events from the Application log after saving them to C:\\admin\\backups\\al0306.evtx.wevtutil.exe cl Application /bu:C:\\admin\\backups\\al0306.evtx |
| 0x38 | 無法清除記錄檔 %1!s!。%0 |
Failed to clear log %1!s!.%0 |
| 0x39 | 從記錄檔或使用結構化查詢,將事件匯出至檔案。使用方式:wevtutil { epl | export-log } [/OPTION:VALUE [/OPTION:VALUE] ...]依照預設,您要為 提供記錄檔名稱。不過,如果您使用 /lf 選項,則必須為 值提供記錄檔的路徑。如果您使用 /sq 參數,則必須提供包含結構化查詢之檔案的路徑。儲存所匯出事件之檔案的路徑。選項:您可使用簡短 (例如,/l) 或完整 (例如,/locale) 版的選項名稱。選項及選項值不區分大小寫。/{lf | logfile}:[true|false]如為 true, 是記錄檔的路徑。/{sq | structuredquery}:[true|false]如為 true, 是包含結構化查詢之檔案的路徑。如果選取許多 (但非所有的) 事件,此命令可能需要一段時間才能完成。/{q | query}:VALUEVALUE 是篩選要匯出之事件的 XPath 查詢。如未指定,將傳回所有事件。當 /sq 為true 時,無法使用此選項。如果選取許多 (但非所有的) 事件,此命令可能需要一段時間才能完成。/{ow | overwrite}:[true|false]如為 true,且指定於 中的目的檔案已存在,將會在不確認的情況下覆寫該檔案。範例:下列範例會將系統記錄檔中的事件匯出到C:\\backup\\system0506.evtx。wevtutil epl System C:\\backup\\system0506.evtx |
Export events from a log, log file, or using structured query to a file.Usage:wevtutil { epl | export-log } [/OPTION:VALUE [/OPTION:VALUE] ...]By default, you provide a log name for . However, if youuse the /lf option, then you provide the path to a log file for the value. If you use the /sq parameter, then you provide the path to a filecontaining a structured query. Path to the file where the exported events are to be stored.Options:You can use either the short (for example, /l) or long (for example, /locale) version of the option names. Options and their values are not case-sensitive./{lf | logfile}:[true|false]If true, is the path to a log file./{sq | structuredquery}:[true|false]If true, is the path to a file that contains a structured query. The command might take a long time if selecting many, but not all, events./{q | query}:VALUEVALUE is an XPath query to filter the events you want to export. If not specified, all events will be returned. This option is not available when /sq is true. The command might take a long time if selecting many, but not all, events./{ow | overwrite}:[true|false]If true, and the destination file specified in already exists, it will be overwritten without confirmation.Example:The following example exports events from System log to C:\\backup\\system0506.evtx.wevtutil epl System C:\\backup\\system0506.evtx |
| 0x3A | 無法匯出記錄檔 %1!s!。%0 |
Failed to export log %1!s!.%0 |
| 0x3B | 以自封式格式封存記錄檔。會使用地區設定的名稱建立子目錄,所有地區設定特定的資訊會儲存在該子目錄中。當 archive-log 命令建立的目錄連同記錄檔一併存在時,無論是否已安裝發行者,都能讀取檔案中的事件。使用方式:wevtutil { al | archive-log } [/OPTION:VALUE [/OPTION:VALUE] ...]要封存的記錄檔。記錄檔可使用 export-log 或 clear-log 命令產生。選項:您可使用簡短 (例如,/l) 或完整 (例如,/locale) 版的選項名稱。選項及選項值不區分大小寫。/{l | locale}:VALUEVALUE 是以特定地區設定封存檔案的地區設定字串。如未指定,將使用目前控制台的地區設定。如需所有支援的地區設定字串清單,請參閱 LocaleNameToLCID API 的Microsoft Developer Network (MSDN) 文件。 |
Archive log file in a self-contained format. A subdirectory with the nameof the locale is created and all locale-specific information is saved inthat subdirectory. When the directory created by the archive-log command ispresent along with the log file, events in the file can be read whether ornot the publisher is installed.Usage:wevtutil { al | archive-log } [/OPTION:VALUE [/OPTION:VALUE] ...]The log file to be archived. A log file can be generated using export-log orclear-log command.Options:You can use either the short (for example, /l) or long (for example, /locale) version of the option names. Options and their values are not case-sensitive./{l | locale}:VALUEVALUE is a locale string to archive a log in a specific locale. If not specified, the locale of the current console will be used. For a list of all supported locale strings, please refer to the Microsoft Developer Network (MSDN) documentation for the LocaleNameToLCID API. |
| 0x3C | 無法封存記錄檔 %1!s!。%0 |
Failed to archive log %1!s!.%0 |
| 0x3D | 安裝資訊清單中的事件發行者與記錄檔。使用方式:wevtutil { im | install-manifest } [/OPTION:VALUE [/OPTION:VALUE] ...]事件資訊清單的檔案路徑。將安裝資訊清單中定義的所有發行者與記錄檔。若要深入了解事件資訊清單與使用此選項的資訊,請參考Microsoft Developers Network (MSDN) 上的 Windows Eventing SDK,網址:http://msdn.microsoft.com.選項:您可使用簡短 (例如,/rf) 或完整 (例如,/resourceFilePath) 版的選項名稱。選項及選項值不區分大小寫。/{rf | resourceFilePath}:VALUE資訊清單中要取代的 Provider 元素的 ResourceFileName 屬性。VALUE 應為資源檔案的完整路徑。/{mf | messageFilePath}:VALUE資訊清單中要取代的 Provider 元素的 MessageFileName 屬性。VALUE 應為訊息檔案的完整路徑。/{pf | parameterFilePath}:VALUE資訊清單中要取代的 Provider 元素的 ParameterFileName 屬性。VALUE 應為參數檔案的完整路徑。範例:下列範例會安裝 myManifest.man 資訊清單檔案中的發行者與記錄檔。wevtutil im myManifest.man /rf:^%systemroot^%/System32/wevtutil.exe |
Install event publishers and logs from manifest.Usage:wevtutil { im | install-manifest } [/OPTION:VALUE [/OPTION:VALUE] ...]File path to an event manifest. All publishers and logs defined in the manifestwill be installed. To learn more about event manifests and using this option,consult the Windows Eventing SDK on Microsoft Developers Network (MSDN) athttp://msdn.microsoft.com.Options:You can use either the short (for example, /rf) or long (for example, /resourceFilePath) version of the option names. Options and their values are not case-sensitive./{rf | resourceFilePath}:VALUEResourceFileName attribute of the Provider Element in the manifest to be replaced.The VALUE should be the full path to the resource file./{mf | messageFilePath}:VALUEMessageFileName attribute of the Provider Element in the manifest to be replaced.The VALUE should be the full path to the message file./{pf | parameterFilePath}:VALUEParameterFileName attribute of the Provider Element in the manifest to be replaced.The VALUE should be the full path to the parameter file.Example:The following example installs publishers and logs from the myManifest.man manifest file.wevtutil im myManifest.man /rf:^%systemroot^%/System32/wevtutil.exe |
| 0x3E | 已順利安裝發行者與通道,但無法啟用一或多個發行者與通道。%0 |
The publishers and channels were installed successfully, but we can't enable one or more publishers and channels.%0 |
| 0x3F | 解除安裝資訊清單中的事件發行者與記錄檔。使用方式:wevtutil { um | uninstall-manifest } 事件資訊清單的檔案路徑。將解除安裝資訊清單中定義的所有發行者與記錄檔。若要深入了解事件資訊清單與使用此選項的資訊,請參考Microsoft Developers Network (MSDN) 上的 Windows Eventing SDK,網址:http://msdn.microsoft.com。範例:下列範例會解除安裝 myManifest.man 資訊清單檔案中的發行者與記錄檔。wevtutil um myManifest.man |
Uninstall event publishers and logs from manifest.Usage:wevtutil { um | uninstall-manifest } File path to an event manifest. All publishers and logs defined in the manifestwill be uninstalled. To learn more about event manifests and using this option,consult the Windows Eventing SDK on Microsoft Developers Network (MSDN) athttp://msdn.microsoft.com.Example:The following example uninstalls publishers and logs from the myManifest.man manifest file.wevtutil um myManifest.man |
| 0x40 | 輸入 %1!s! 的密碼:%0 |
Type the password for %1!s!:%0 |
| 0x41 | 無法讀取檔案 %1!s!。%0 |
Failed to read file %1!s!.%0 |
| 0x42 | 通道屬性 %1!s! 的值包含無效值。%0 |
The value for channel property %1!s! contains an invalid value.%0 |
| 0x43 | 如果未指定選項 %2!s!,則無法使用選項 %1!s!。%0 |
Option %1!s! is not available if option %2!s! is not specified.%0 |
| 0x44 | **** 警告: 啟用此類型的記錄檔會將它清除。您要啟用並清除此記錄檔嗎? [y/n]: |
**** Warning: Enabling this type of log clears it. Do you want to enable and clear this log? [y/n]: |
| 0x45 | **** 警告: 找不到發行者 %1 資源或 Local Service 帳戶無法存取該資源。 |
**** Warning: Publisher %1 resources could not be found or are not accessibleto the Local Service account. |
| 0x46 | **** 警告: 發行者 %1 已安裝於系統上。只會增加新值。如果您要更新之前的設定,請先解除安裝資訊清單。 |
**** Warning: Publisher %1 is installed onthe system. Only new values would be added. If you want to update previous settings, uninstall the manifest first. |
| 0x47 | 資訊清單中的提供者 %1 缺少通道名稱屬性。 |
Provider %1 in the manifest is missing the channel name attribute. |
| 0x48 | 資訊清單中的提供者 %1 包含的通道 %2 缺少類型屬性。 |
Provider %1 in the manifest contains channel %2 that is missing the type attribute. |
| 0x49 | 提供者 %1{%2} 缺少通道名稱屬性。 |
Provider %1{%2} is missing the channel name attribute. |
| 0x4A | 提供者 %1 資訊清單宣告了使用不支援的類型 %3 的通道 %2 |
Provider %1 manifest has declared a channel %2 that uses a non-supported type %3 |
| 0x4B | 提供者 %1 資訊清單宣告了使用不支援的隔離 %3 的通道 %2 |
Provider %1 manifest has declared a channel %2 that uses a non-supported isolation %3 |
| 0x4C | 已安裝提供者 %1,GUID 為 %2。 |
Provider %1 is already installed with GUID %2. |
| 0x4D | 現有的提供者 %2{%3} 已宣告通道 %1。 |
Channel %1 is declared by an existing provider %2{%3}. |
| 0x4E | 提供者有兩個通道具有相同值。 |
Provider has two channels with the same value. |
| 0x4F | 提供者缺少 GUID 屬性。 |
Provider is missing the GUID attribute. |
| 0x50 | 提供者 %1 的登錄中缺少名稱。 |
Provider %1 is missing the name in the registry. |
| 0x51 | 提供者 %1{%2} 的登錄值計數為 %3。 |
Provider %1{%2} has Registry value Count %3. |
| 0x52 | 提供者 %1{%2} 的 channelreferences 登錄機碼下缺少通道。 |
Provider %1{%2} is missing channels under the channelreferences registry key. |
| 0x53 | 提供者 %1{%2} 的索引機碼 %3 缺少通道名稱。 |
Provider %1{%2} is missing the channel name for the index key %3. |
| 0x54 | 提供者 %1{%2} 具有通道 (索引為 %3),但該通道缺少預設的登錄值。 |
Provider %1{%2} has a channel indexed %3 that is missing the default registry value. |
| 0x55 | **** 警告: 在資源檔案中找不到發行者 %1。resourceFileName: %2 |
**** Warning: Publisher %1 was not found in the resource file.resourceFileName: %2 |
| 0x56 | **** 警告: 找不到發行者 %1 的資源檔案或無法開啟。resourceFileName: %2 |
**** Warning: The resource file for publisher %1 was not found or could not be opened.resourceFileName: %2 |
| 0x57 | **** 警告: 發行者 %1 的資源檔案不包含中繼資料資源。請務必將「訊息編譯器」產生的 .bin 檔案連結到指定的二進位檔。resourceFileName: %2 |
**** Warning: The resource file for publisher %1 does not contain the metadata resource.Make sure to link the .bin file generated by the Message Compiler into thespecified binary.resourceFileName: %2 |
| 0x58 | 此版本的 Windows 不支援安全密碼輸入。%0 |
Secure password input is not available on this version of Windows.%0 |
| 0x59 | 此版本的 Windows 不提供事件記錄檔服務。不支援命令 %1!s!。 |
The Event Log service is not available on this version of Windows. Command %1!s! is not supported. |
| 0x5A | **** 警告: 此版本的 Windows 上不提供事件記錄檔服務。發行者與通道已順利安裝,但是我們無法在沒有該服務的情況下為 %1!s! 驗證發行者來源。 |
**** Warning: The Event Log service is not available on this version of Windows.The publishers and channels were installed successfully, but we can't validate the publisher resources for %1!s! without the service. |