wevtutil.exe Eventing Command Line Utility 6e36ae295d2bb1a53baedffcce5f676f

File info

File name: wevtutil.exe.mui
Size: 45568 bytes
MD5: 6e36ae295d2bb1a53baedffcce5f676f
SHA1: a6b64583f9d307ef4ac508114c63004c70e40e9c
SHA256: f0ac851c3b508aa8cbc189f931cb76b2c260939f5ffda4c70dbaa06e607c4841
Operating systems: Windows 10
Extension: MUI
In x64: wevtutil.exe Eventing Command Line Utility (32-bit)

Translations of messages and strings

If an error occurs or one of the following messages appears in English (U.S.) and you cannot find a solution, then check the answer in English. The table below shows how each phrase reads in English.

id English (U.S.) English
0x1 Failed to open config file: %1!s!.%0 Failed to open config file: %1!s!.%0
0x2 Invalid config file.%0 Invalid config file.%0
0x3 Failed to initialize COM.%0 Failed to initialize COM.%0
0x4 Failed to get %1!s! property.%0 Failed to get %1!s! property.%0
0x5 Failed to set %1!s! property.%0 Failed to set %1!s! property.%0
0x6 Command %1!s! is not supported.%0 Command %1!s! is not supported.%0
0x7 Invalid option %1!s!. Option name is not specified.%0 Invalid option %1!s!. Option name is not specified.%0
0x8 Invalid option %1!s!. Option is specified more than once.%0 Invalid option %1!s!. Option is specified more than once.%0
0xA Invalid option %1!s!. Option value is not specified.%0 Invalid option %1!s!. Option value is not specified.%0
0xB Invalid option %1!s!. Option is not Boolean.%0 Invalid option %1!s!. Option is not Boolean.%0
0xC Invalid option %1!s!. Option is not supported.%0 Invalid option %1!s!. Option is not supported.%0
0xD Invalid value for option %1!s!.%0 Invalid value for option %1!s!.%0
0xE option %1!s! and %2!s! cannot be specified at the same time.%0 option %1!s! and %2!s! cannot be specified at the same time.%0
0xF Too many arguments are specified.%0 Too many arguments are specified.%0
0x10 Required argument(s) is/are not specified.%0 Required argument(s) is/are not specified.%0
0x11 Internal error.%0 Internal error.%0
0x12 Failed to open session to server: %1!s!.%0 Failed to open session to server: %1!s!.%0
0x13 Failed to read password.%0 Failed to read password.%0
0x14 Command is not specified.%0 Command is not specified.%0
0x15 Failed to open metadata for publisher %1!s!.%0 Failed to open metadata for publisher %1!s!.%0
0x16 Failed to open publisher enumeration.%0 Failed to open publisher enumeration.%0
0x17 Failed to enumerate publishers.%0 Failed to enumerate publishers.%0
0x18 Failed to load resource %1!s!.%0 Failed to load resource %1!s!.%0
0x19 Failed to open event metadata for publisher %1!s!.%0 Failed to open event metadata for publisher %1!s!.%0
0x1A Failed to enumerate event metadata for publisher %1!s!.%0 Failed to enumerate event metadata for publisher %1!s!.%0
0x1B Failed to render event. Event handle = 0x%1!08x!.%0 Failed to render event. Event handle = 0x%1!08x!.%0
0x1C Failed to register subscription %1!s!.%0 Failed to register subscription %1!s!.%0
0x1D Failed to read configuration for log %1!s!.%0 Failed to read configuration for log %1!s!.%0
0x1E Failed to save configuration or activate log %1!s!.%0 Failed to save configuration or activate log %1!s!.%0
0x1F Failed to read log status information for log %1!s!.%0 Failed to read log status information for log %1!s!.%0
0x20 Failed to load xml document %1!s!.%0 Failed to load xml document %1!s!.%0
0x21 Failed to read xml node %1!s!.%0 Failed to read xml node %1!s!.%0
0x22 assembly/instrumentation/events:events or events:instrumentationManifest/events:instrumentation/events:events node is not found in manifest file %1!s!. xmlns:events="http://schemas.microsoft.com/win/2004/08/events"%0 assembly/instrumentation/events:events or events:instrumentationManifest/events:instrumentation/events:events node is not found in manifest file %1!s!. xmlns:events="http://schemas.microsoft.com/win/2004/08/events"%0
0x23 Invalid value for property %1!s!.%0 Invalid value for property %1!s!.%0
0x24 LCID %1!s! cannot be found.%0 LCID %1!s! cannot be found.%0
0x25 Root node of config file is not Subscription or in correct namespace.%0 Root node of config file is not Subscription or in correct namespace.%0
0x26 Windows Events Command Line Utility. Enables you to retrieve information about event logs and publishers, install and uninstall event manifests, run queries, and export, archive, and clear logs. Usage: You can use either the short (for example, ep /uni) or long (for example, enum-publishers /unicode) version of the command and option names. Commands, options and option values are not case-sensitive. Variables are noted in all upper-case. wevtutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...] Commands: el | enum-logs List log names. gl | get-log Get log configuration information. sl | set-log Modify configuration of a log. ep | enum-publishers List event publishers. gp | get-publisher Get publisher configuration information. im | install-manifest Install event publishers and logs from manifest. um | uninstall-manifest Uninstall event publishers and logs from manifest. qe | query-events Query events from a log or log file. gli | get-log-info Get log status information. epl | export-log Export a log. al | archive-log Archive an exported log. cl | clear-log Clear a log. Common options: /{r | remote}:VALUE If specified, run the command on a remote computer. VALUE is the remote computer name. Options /im and /um do not support remote operations. /{u | username}:VALUE Specify a different user to log on to the remote computer. VALUE is a user name in the form domain\user or user. Only applicable when option /r is specified. /{p | password}:VALUE Password for the specified user. If not specified, or if VALUE is "*", the user will be prompted to enter a password. Only applicable when the /u option is specified. /{a | authentication}:[Default|Negotiate|Kerberos|NTLM] Authentication type for connecting to remote computer. The default is Negotiate. /{uni | unicode}:[true|false] Display output in Unicode. If true, then output is in Unicode. To learn more about a specific command, type the following: wevtutil COMMAND /?
Windows Events Command Line Utility. Enables you to retrieve information about event logs and publishers, install and uninstall event manifests, run queries, and export, archive, and clear logs. Usage: You can use either the short (for example, ep /uni) or long (for example, enum-publishers /unicode) version of the command and option names. Commands, options and option values are not case-sensitive. Variables are noted in all upper-case. wevtutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...] Commands: el | enum-logs List log names. gl | get-log Get log configuration information. sl | set-log Modify configuration of a log. ep | enum-publishers List event publishers. gp | get-publisher Get publisher configuration information. im | install-manifest Install event publishers and logs from manifest. um | uninstall-manifest Uninstall event publishers and logs from manifest. qe | query-events Query events from a log or log file. gli | get-log-info Get log status information. epl | export-log Export a log. al | archive-log Archive an exported log. cl | clear-log Clear a log. Common options: /{r | remote}:VALUE If specified, run the command on a remote computer. VALUE is the remote computer name. Options /im and /um do not support remote operations. /{u | username}:VALUE Specify a different user to log on to the remote computer. VALUE is a user name in the form domain\user or user. Only applicable when option /r is specified. /{p | password}:VALUE Password for the specified user. If not specified, or if VALUE is "*", the user will be prompted to enter a password. Only applicable when the /u option is specified. /{a | authentication}:[Default|Negotiate|Kerberos|NTLM] Authentication type for connecting to remote computer. The default is Negotiate. /{uni | unicode}:[true|false] Display output in Unicode. If true, then output is in Unicode. To learn more about a specific command, type the following: wevtutil COMMAND /?
0x27 value "%1!s!" is invalid for isolation option.%0 value "%1!s!" is invalid for isolation option.%0
0x28 List the names of all logs. Usage: wevtutil { el | enum-logs } Example: The following example lists the names of all logs. wevtutil el List the names of all logs. Usage: wevtutil { el | enum-logs } Example: The following example lists the names of all logs. wevtutil el
0x29 Failed to open channel enumeration.%0 Failed to open channel enumeration.%0
0x2A Failed to enumerate channels.%0 Failed to enumerate channels.%0
0x2B Displays event log configuration information, including whether the log is enabled, the current maximum size limit of the log and the path to the file where the log is stored. Usage: wevtutil { gl | get-log } [/OPTION:VALUE [/OPTION:VALUE] ...] String that uniquely identifies a log. You can display a list of all the log names by running wevtutil el. Options: You can use either the short (for example, /f) or long (for example, /format) version of the option names. Options and their values are not case-sensitive. /{f | format}:[XML|Text] Specify the log file format. The default is Text. If XML is specified, output is stored in XML format. If Text is specified, output is stored without XML tags. Example: The following example displays configuration information about the local System log in XML format. wevtutil gl System /f:xml Displays event log configuration information, including whether the log is enabled, the current maximum size limit of the log and the path to the file where the log is stored. Usage: wevtutil { gl | get-log } [/OPTION:VALUE [/OPTION:VALUE] ...] String that uniquely identifies a log. You can display a list of all the log names by running wevtutil el. Options: You can use either the short (for example, /f) or long (for example, /format) version of the option names. Options and their values are not case-sensitive. /{f | format}:[XML|Text] Specify the log file format. The default is Text. If XML is specified, output is stored in XML format. If Text is specified, output is stored without XML tags. Example: The following example displays configuration information about the local System log in XML format. wevtutil gl System /f:xml
0x2C Modify the configuration of a log. Usage: wevtutil { sl | set-log } [/OPTION:VALUE [/OPTION:VALUE] ...] String that uniquely identifies a log. If option /c is specified, should not be specified since it is read from the config file. Options: You can use either the short (for example, /e) or long (for example, /enable) version of the option names. Options and their values are not case-sensitive. /{e | enabled}:[true|false] Enable or disable a log. /{q | quiet}:[true|false] Quiet display option. No prompts or messages are displayed to the user. If not specified, the default is true. /{fm | filemax}: Set Maximum number of enablements across which to preserve events, where is an integer between 1 and 16. One file is created for each enablement, so if this value is 2, events will be produced from the last two enablements. A reboot counts as disabling and then re-enabling the channel. /{i | isolation}:[system|application|custom] Log isolation mode. The isolation mode of a log determines whether a log shares a session with other logs in the same isolation class. If you specify system isolation, the target log will share at least write permissions with the System log. If you specify application isolation, the target log will share at least write permissions with the Application log. If you specify custom isolation, you must also provide a security descriptor by using the /ca option. /{lfn | logfilename}:VALUE Log file name. VALUE is the full path to the file where the Event Log service stores events for this log. /{rt | retention}:[true|false] Log retention mode. The log retention mode determines the behavior of the Event Log service when a log reaches its maximum size. If an event log reaches its maximum size and the log retention mode is true, existing events are retained and incoming events are discarded. If the log retention mode is false, incoming events overwrite the oldest events in the log. /{ab | autobackup}:[true|false] Log autobackup policy. If autobackup is true, the log will be backed up automatically when it reaches the maximum size. In addition, if autobackup is true, retention (specified with the /rt option) must be set to true. /{ms | maxsize}: Maximum size of log, where is the number of bytes. Note that the minimum value for is 1048576 (1024KB) and log files are always multiples of 64KB, so the specified value will be rounded accordingly. /{l | level}: Level filter of log, where is any valid level value. Only applicable to logs with a dedicated session. You can remove a level filter by setting to 0. /{k | keywords}:VALUE Keywords filter of log. VALUE can be any valid 64 bit keyword mask. Only applicable to logs with a dedicated session. /{ca | channelaccess}:VALUE Access permission for an event log. VALUE is a security descriptor specified using the Security Descriptor Definition Language (SDDL). Search MSDN (http://msdn.microsoft.com) for information about SDDL format. /{c | config}:VALUE Path to the config file, where VALUE is the full file path. If specified, log properties will be read from this config file. If this option is specified, you must not specify the command line parameter. The log name will be read from the config file. Example: The following example sets retention, autobackup and maximum log size on the Application log by using a config file. Note that the config file is an XML file with the same format as the output of wevtutil gl /f:xml. C:\config.xml true true 9000000 wevtutil sl /c:config.xml
Modify the configuration of a log. Usage: wevtutil { sl | set-log } [/OPTION:VALUE [/OPTION:VALUE] ...] String that uniquely identifies a log. If option /c is specified, should not be specified since it is read from the config file. Options: You can use either the short (for example, /e) or long (for example, /enable) version of the option names. Options and their values are not case-sensitive. /{e | enabled}:[true|false] Enable or disable a log. /{q | quiet}:[true|false] Quiet display option. No prompts or messages are displayed to the user. If not specified, the default is true. /{fm | filemax}: Set Maximum number of enablements across which to preserve events, where is an integer between 1 and 16. One file is created for each enablement, so if this value is 2, events will be produced from the last two enablements. A reboot counts as disabling and then re-enabling the channel. /{i | isolation}:[system|application|custom] Log isolation mode. The isolation mode of a log determines whether a log shares a session with other logs in the same isolation class. If you specify system isolation, the target log will share at least write permissions with the System log. If you specify application isolation, the target log will share at least write permissions with the Application log. If you specify custom isolation, you must also provide a security descriptor by using the /ca option. /{lfn | logfilename}:VALUE Log file name. VALUE is the full path to the file where the Event Log service stores events for this log. /{rt | retention}:[true|false] Log retention mode. The log retention mode determines the behavior of the Event Log service when a log reaches its maximum size. If an event log reaches its maximum size and the log retention mode is true, existing events are retained and incoming events are discarded. If the log retention mode is false, incoming events overwrite the oldest events in the log. /{ab | autobackup}:[true|false] Log autobackup policy. If autobackup is true, the log will be backed up automatically when it reaches the maximum size. In addition, if autobackup is true, retention (specified with the /rt option) must be set to true. /{ms | maxsize}: Maximum size of log, where is the number of bytes. Note that the minimum value for is 1048576 (1024KB) and log files are always multiples of 64KB, so the specified value will be rounded accordingly. /{l | level}: Level filter of log, where is any valid level value. Only applicable to logs with a dedicated session. You can remove a level filter by setting to 0. /{k | keywords}:VALUE Keywords filter of log. VALUE can be any valid 64 bit keyword mask. Only applicable to logs with a dedicated session. /{ca | channelaccess}:VALUE Access permission for an event log. VALUE is a security descriptor specified using the Security Descriptor Definition Language (SDDL). Search MSDN (http://msdn.microsoft.com) for information about SDDL format. /{c | config}:VALUE Path to the config file, where VALUE is the full file path. If specified, log properties will be read from this config file. If this option is specified, you must not specify the command line parameter. The log name will be read from the config file. Example: The following example sets retention, autobackup and maximum log size on the Application log by using a config file. Note that the config file is an XML file with the same format as the output of wevtutil gl /f:xml. C:\config.xml true true 9000000 wevtutil sl /c:config.xml
0x2D List event publishers. Usage: wevtutil { ep | enum-publishers } Example: The following example lists the event publishers on the current computer. wevtutil ep List event publishers. Usage: wevtutil { ep | enum-publishers } Example: The following example lists the event publishers on the current computer. wevtutil ep
0x2E Get configuration information for event publishers. Usage: wevtutil { gp | get-publisher } [/OPTION:VALUE [/OPTION:VALUE] ...] String that uniquely identifies an event publisher. You can obtain a list of publisher names by typing wevtutil ep. Options: You can use either the short (for example, /f) or long (for example, /format) version of the option names. Options and their values are not case-sensitive. /{ge | getevents}:[true|false] Get metadata information for events that can be raised by this publisher. /{gm | getmessage}:[true|false] Display the actual message instead of the numeric message ID. /{f | format}:[XML|Text] Specify the log file format. The default is Text. If XML is specified, print output in XML format. If Text is specified, print output without XML tags. Example: The following example displays information about the Microsoft-Windows-Eventlog event publisher including metadata about the events that the publisher can raise. wevtutil gp Microsoft-Windows-Eventlog /ge:true Get configuration information for event publishers. Usage: wevtutil { gp | get-publisher } [/OPTION:VALUE [/OPTION:VALUE] ...] String that uniquely identifies an event publisher. You can obtain a list of publisher names by typing wevtutil ep. Options: You can use either the short (for example, /f) or long (for example, /format) version of the option names. Options and their values are not case-sensitive. /{ge | getevents}:[true|false] Get metadata information for events that can be raised by this publisher. /{gm | getmessage}:[true|false] Display the actual message instead of the numeric message ID. /{f | format}:[XML|Text] Specify the log file format. The default is Text. If XML is specified, print output in XML format. If Text is specified, print output without XML tags. Example: The following example displays information about the Microsoft-Windows-Eventlog event publisher including metadata about the events that the publisher can raise. wevtutil gp Microsoft-Windows-Eventlog /ge:true
0x2F Read events from an event log, log file or using structured query. Usage: wevtutil { qe | query-events } [/OPTION:VALUE [/OPTION:VALUE] ...] By default, you provide a log name for the parameter. However, if you use the /lf option, you must provide the path to a log file for the parameter. If you use the /sq parameter, you must provide the path to a file containing a structured query. Options: You can use either the short (for example, /f) or long (for example, /format) version of the option names. Options and their values are not case-sensitive. /{lf | logfile}:[true|false] If true, is the full path to a log file. /{sq | structuredquery}:[true|false] If true, is the full path to a file that contains a structured query. /{q | query}:VALUE VALUE is an XPath query to filter events read. If not specified, all events will be returned. This option is not available when /sq is true. /{bm | bookmark}:VALUE VALUE is the full path to a file that contains a bookmark from a previous query. /{sbm | savebookmark}:VALUE VALUE is the full path to a file in which to save a bookmark of this query. The file extension should be .xml. /{rd | reversedirection}:[true|false] Event read direction. If true, the most recent events are returned first. /{f | format}:[XML|Text|RenderedXml] The default value is XML. If Text is specified, prints events in an easy to read text format, rather than in XML format. If RenderedXml, prints events in XML format with rendering information. Note that printing events in Text or RenderedXml formats is slower than printing in XML format. /{l | locale}:VALUE VALUE is a locale string to print event text in a specific locale. Only available when printing events in text format using the /f option. /{c | count}: Maximum number of events to read. /{e | element}:VALUE When outputting event XML, include a root element to produce well-formed XML. VALUE is the string you want within the root element. For example, specifying /e:root would result in output XML with the root element pair . Example: The following example displays the three most recent events from the Application log in text format. wevtutil qe Application /c:3 /rd:true /f:text
Read events from an event log, log file or using structured query. Usage: wevtutil { qe | query-events } [/OPTION:VALUE [/OPTION:VALUE] ...] By default, you provide a log name for the parameter. However, if you use the /lf option, you must provide the path to a log file for the parameter. If you use the /sq parameter, you must provide the path to a file containing a structured query. Options: You can use either the short (for example, /f) or long (for example, /format) version of the option names. Options and their values are not case-sensitive. /{lf | logfile}:[true|false] If true, is the full path to a log file. /{sq | structuredquery}:[true|false] If true, is the full path to a file that contains a structured query. /{q | query}:VALUE VALUE is an XPath query to filter events read. If not specified, all events will be returned. This option is not available when /sq is true. /{bm | bookmark}:VALUE VALUE is the full path to a file that contains a bookmark from a previous query. /{sbm | savebookmark}:VALUE VALUE is the full path to a file in which to save a bookmark of this query. The file extension should be .xml. /{rd | reversedirection}:[true|false] Event read direction. If true, the most recent events are returned first. /{f | format}:[XML|Text|RenderedXml] The default value is XML. If Text is specified, prints events in an easy to read text format, rather than in XML format. If RenderedXml, prints events in XML format with rendering information. Note that printing events in Text or RenderedXml formats is slower than printing in XML format. /{l | locale}:VALUE VALUE is a locale string to print event text in a specific locale. Only available when printing events in text format using the /f option. /{c | count}: Maximum number of events to read. /{e | element}:VALUE When outputting event XML, include a root element to produce well-formed XML. VALUE is the string you want within the root element. For example, specifying /e:root would result in output XML with the root element pair . Example: The following example displays the three most recent events from the Application log in text format. wevtutil qe Application /c:3 /rd:true /f:text
0x30 Option query is only available for querytype Log and LogFile.%0 Option query is only available for querytype Log and LogFile.%0
0x31 Failed to open event query.%0 Failed to open event query.%0
0x32 Failed to seek to event at the specified bookmark.%0 Failed to seek to event at the specified bookmark.%0
0x33 Failed to seek to event at the specified event record.%0 Failed to seek to event at the specified event record.%0
0x34 Failed to read events.%0 Failed to read events.%0
0x35 Failed to save bookmark to file "%1!s!".%0 Failed to save bookmark to file "%1!s!".%0
0x36 Get status information about an event log or log file. Usage: wevtutil { gli | get-loginfo } Log name or log file path. If option /lf is true, it is a log file path, and the path to the log file is required. If /lf is false, it is the log name. You can view a list of log names by typing wevtutil el. Options: You can use either the short (for example, /lf) or long (for example, /logfile) version of the option names. Options and their values are not case-sensitive. /{lf | logfile}:[true|false] Specify whether to create a log file. If true, is the log file path. Example: wevtutil gli Application Get status information about an event log or log file. Usage: wevtutil { gli | get-loginfo } Log name or log file path. If option /lf is true, it is a log file path, and the path to the log file is required. If /lf is false, it is the log name. You can view a list of log names by typing wevtutil el. Options: You can use either the short (for example, /lf) or long (for example, /logfile) version of the option names. Options and their values are not case-sensitive. /{lf | logfile}:[true|false] Specify whether to create a log file. If true, is the log file path. Example: wevtutil gli Application
0x37 Clear events from an event log and, optionally, back up cleared events. Usage: wevtutil { cl | clear-log } [/OPTION:VALUE] Name of log to clear. You can retrieve a list of log names by typing wevtutil el. Options: You can use either the short (for example, /bu) or long (for example, /backup) version of the option names. Options and their values are not case-sensitive. /{bu | backup}:VALUE Backup file for cleared events. If specified, the cleared events will be saved to the backup file. Include the .evtx extension in the backup file name. Example: The following example clears all the events from the Application log after saving them to C:\admin\backups\al0306.evtx. wevtutil.exe cl Application /bu:C:\admin\backups\al0306.evtx Clear events from an event log and, optionally, back up cleared events. Usage: wevtutil { cl | clear-log } [/OPTION:VALUE] Name of log to clear. You can retrieve a list of log names by typing wevtutil el. Options: You can use either the short (for example, /bu) or long (for example, /backup) version of the option names. Options and their values are not case-sensitive. /{bu | backup}:VALUE Backup file for cleared events. If specified, the cleared events will be saved to the backup file. Include the .evtx extension in the backup file name. Example: The following example clears all the events from the Application log after saving them to C:\admin\backups\al0306.evtx. wevtutil.exe cl Application /bu:C:\admin\backups\al0306.evtx
0x38 Failed to clear log %1!s!.%0 Failed to clear log %1!s!.%0
0x39 Export events from a log, log file, or using structured query to a file. Usage: wevtutil { epl | export-log } [/OPTION:VALUE [/OPTION:VALUE] ...] By default, you provide a log name for . However, if you use the /lf option, then you provide the path to a log file for the value. If you use the /sq parameter, then you provide the path to a file containing a structured query. Path to the file where the exported events are to be stored. Options: You can use either the short (for example, /l) or long (for example, /locale) version of the option names. Options and their values are not case-sensitive. /{lf | logfile}:[true|false] If true, is the path to a log file. /{sq | structuredquery}:[true|false] If true, is the path to a file that contains a structured query. The command might take a long time if selecting many, but not all, events. /{q | query}:VALUE VALUE is an XPath query to filter the events you want to export. If not specified, all events will be returned. This option is not available when /sq is true. The command might take a long time if selecting many, but not all, events. /{ow | overwrite}:[true|false] If true, and the destination file specified in already exists, it will be overwritten without confirmation. Example: The following example exports events from System log to C:\backup\system0506.evtx. wevtutil epl System C:\backup\system0506.evtx
Export events from a log, log file, or using structured query to a file. Usage: wevtutil { epl | export-log } [/OPTION:VALUE [/OPTION:VALUE] ...] By default, you provide a log name for . However, if you use the /lf option, then you provide the path to a log file for the value. If you use the /sq parameter, then you provide the path to a file containing a structured query. Path to the file where the exported events are to be stored. Options: You can use either the short (for example, /l) or long (for example, /locale) version of the option names. Options and their values are not case-sensitive. /{lf | logfile}:[true|false] If true, is the path to a log file. /{sq | structuredquery}:[true|false] If true, is the path to a file that contains a structured query. The command might take a long time if selecting many, but not all, events. /{q | query}:VALUE VALUE is an XPath query to filter the events you want to export. If not specified, all events will be returned. This option is not available when /sq is true. The command might take a long time if selecting many, but not all, events. /{ow | overwrite}:[true|false] If true, and the destination file specified in already exists, it will be overwritten without confirmation. Example: The following example exports events from System log to C:\backup\system0506.evtx. wevtutil epl System C:\backup\system0506.evtx
0x3A Failed to export log %1!s!.%0 Failed to export log %1!s!.%0
0x3B Archive log file in a self-contained format. A subdirectory with the name of the locale is created and all locale-specific information is saved in that subdirectory. When the directory created by the archive-log command is present along with the log file, events in the file can be read whether or not the publisher is installed. Usage: wevtutil { al | archive-log } [/OPTION:VALUE [/OPTION:VALUE] ...] The log file to be archived. A log file can be generated using export-log or clear-log command. Options: You can use either the short (for example, /l) or long (for example, /locale) version of the option names. Options and their values are not case-sensitive. /{l | locale}:VALUE VALUE is a locale string to archive a log in a specific locale. If not specified, the locale of the current console will be used. For a list of all supported locale strings, please refer to the Microsoft Developer Network (MSDN) documentation for the LocaleNameToLCID API. Archive log file in a self-contained format. A subdirectory with the name of the locale is created and all locale-specific information is saved in that subdirectory. When the directory created by the archive-log command is present along with the log file, events in the file can be read whether or not the publisher is installed. Usage: wevtutil { al | archive-log } [/OPTION:VALUE [/OPTION:VALUE] ...] The log file to be archived. A log file can be generated using export-log or clear-log command. Options: You can use either the short (for example, /l) or long (for example, /locale) version of the option names. Options and their values are not case-sensitive. /{l | locale}:VALUE VALUE is a locale string to archive a log in a specific locale. If not specified, the locale of the current console will be used. For a list of all supported locale strings, please refer to the Microsoft Developer Network (MSDN) documentation for the LocaleNameToLCID API.
0x3C Failed to archive log %1!s!.%0 Failed to archive log %1!s!.%0
0x3D Install event publishers and logs from manifest. Usage: wevtutil { im | install-manifest } [/OPTION:VALUE [/OPTION:VALUE] ...] File path to an event manifest. All publishers and logs defined in the manifest will be installed. To learn more about event manifests and using this option, consult the Windows Eventing SDK on Microsoft Developers Network (MSDN) at http://msdn.microsoft.com. Options: You can use either the short (for example, /rf) or long (for example, /resourceFilePath) version of the option names. Options and their values are not case-sensitive. /{rf | resourceFilePath}:VALUE ResourceFileName attribute of the Provider Element in the manifest to be replaced. The VALUE should be the full path to the resource file. /{mf | messageFilePath}:VALUE MessageFileName attribute of the Provider Element in the manifest to be replaced. The VALUE should be the full path to the message file. /{pf | parameterFilePath}:VALUE ParameterFileName attribute of the Provider Element in the manifest to be replaced. The VALUE should be the full path to the parameter file. Example: The following example installs publishers and logs from the myManifest.man manifest file. wevtutil im myManifest.man /rf:^%systemroot^%/System32/wevtutil.exe
Install event publishers and logs from manifest. Usage: wevtutil { im | install-manifest } [/OPTION:VALUE [/OPTION:VALUE] ...] File path to an event manifest. All publishers and logs defined in the manifest will be installed. To learn more about event manifests and using this option, consult the Windows Eventing SDK on Microsoft Developers Network (MSDN) at http://msdn.microsoft.com. Options: You can use either the short (for example, /rf) or long (for example, /resourceFilePath) version of the option names. Options and their values are not case-sensitive. /{rf | resourceFilePath}:VALUE ResourceFileName attribute of the Provider Element in the manifest to be replaced. The VALUE should be the full path to the resource file. /{mf | messageFilePath}:VALUE MessageFileName attribute of the Provider Element in the manifest to be replaced. The VALUE should be the full path to the message file. /{pf | parameterFilePath}:VALUE ParameterFileName attribute of the Provider Element in the manifest to be replaced. The VALUE should be the full path to the parameter file. Example: The following example installs publishers and logs from the myManifest.man manifest file. wevtutil im myManifest.man /rf:^%systemroot^%/System32/wevtutil.exe
0x3EThe publishers and channels were installed successfully, but we can't enable one or more publishers and channels.%0 The publishers and channels were installed successfully, but we can't enable one or more publishers and channels.%0
0x3FUninstall event publishers and logs from manifest. Usage: wevtutil { um | uninstall-manifest } File path to an event manifest. All publishers and logs defined in the manifest will be uninstalled. To learn more about event manifests and using this option, consult the Windows Eventing SDK on Microsoft Developers Network (MSDN) at http://msdn.microsoft.com. Example: The following example uninstalls publishers and logs from the myManifest.man manifest file. wevtutil um myManifest.man Uninstall event publishers and logs from manifest. Usage: wevtutil { um | uninstall-manifest } File path to an event manifest. All publishers and logs defined in the manifest will be uninstalled. To learn more about event manifests and using this option, consult the Windows Eventing SDK on Microsoft Developers Network (MSDN) at http://msdn.microsoft.com. Example: The following example uninstalls publishers and logs from the myManifest.man manifest file. wevtutil um myManifest.man
0x40Type the password for %1!s!:%0 Type the password for %1!s!:%0
0x41Failed to read file %1!s!.%0 Failed to read file %1!s!.%0
0x42The value for channel property %1!s! contains an invalid value.%0 The value for channel property %1!s! contains an invalid value.%0
0x43Option %1!s! is not available if option %2!s! is not specified.%0 Option %1!s! is not available if option %2!s! is not specified.%0
0x44**** Warning: Enabling this type of log clears it. Do you want to enable and clear this log? [y/n]: **** Warning: Enabling this type of log clears it. Do you want to enable and clear this log? [y/n]:
0x45**** Warning: Publisher %1 resources could not be found or are not accessible to the Local Service account. **** Warning: Publisher %1 resources could not be found or are not accessible to the Local Service account.
0x46**** Warning: Publisher %1 is installed on the system. Only new values would be added. If you want to update previous settings, uninstall the manifest first. **** Warning: Publisher %1 is installed on the system. Only new values would be added. If you want to update previous settings, uninstall the manifest first.
0x47Provider %1 in the manifest is missing the channel name attribute. Provider %1 in the manifest is missing the channel name attribute.
0x48Provider %1 in the manifest contains channel %2 that is missing the type attribute. Provider %1 in the manifest contains channel %2 that is missing the type attribute.
0x49Provider %1{%2} is missing the channel name attribute. Provider %1{%2} is missing the channel name attribute.
0x4AProvider %1 manifest has declared a channel %2 that uses a non-supported type %3 Provider %1 manifest has declared a channel %2 that uses a non-supported type %3
0x4BProvider %1 manifest has declared a channel %2 that uses a non-supported isolation %3 Provider %1 manifest has declared a channel %2 that uses a non-supported isolation %3
0x4CProvider %1 is already installed with GUID %2. Provider %1 is already installed with GUID %2.
0x4DChannel %1 is declared by an existing provider %2{%3}. Channel %1 is declared by an existing provider %2{%3}.
0x4EProvider has two channels with the same value. Provider has two channels with the same value.
0x4FProvider is missing the GUID attribute. Provider is missing the GUID attribute.
0x50Provider %1 is missing the name in the registry. Provider %1 is missing the name in the registry.
0x51Provider %1{%2} has Registry value Count %3. Provider %1{%2} has Registry value Count %3.
0x52Provider %1{%2} is missing channels under the channelreferences registry key. Provider %1{%2} is missing channels under the channelreferences registry key.
0x53Provider %1{%2} is missing the channel name for the index key %3. Provider %1{%2} is missing the channel name for the index key %3.
0x54Provider %1{%2} has a channel indexed %3 that is missing the default registry value. Provider %1{%2} has a channel indexed %3 that is missing the default registry value.
0x55**** Warning: Publisher %1 was not found in the resource file. resourceFileName: %2 **** Warning: Publisher %1 was not found in the resource file. resourceFileName: %2
0x56**** Warning: The resource file for publisher %1 was not found or could not be opened. resourceFileName: %2 **** Warning: The resource file for publisher %1 was not found or could not be opened. resourceFileName: %2
0x57**** Warning: The resource file for publisher %1 does not contain the metadata resource. Make sure to link the .bin file generated by the Message Compiler into the specified binary. resourceFileName: %2 **** Warning: The resource file for publisher %1 does not contain the metadata resource. Make sure to link the .bin file generated by the Message Compiler into the specified binary. resourceFileName: %2
0x58Secure password input is not available on this version of Windows.%0 Secure password input is not available on this version of Windows.%0
0x59The Event Log service is not available on this version of Windows. Command %1!s! is not supported. The Event Log service is not available on this version of Windows. Command %1!s! is not supported.
0x5A**** Warning: The Event Log service is not available on this version of Windows. The publishers and channels were installed successfully, but we can't validate the publisher resources for %1!s! without the service. **** Warning: The Event Log service is not available on this version of Windows. The publishers and channels were installed successfully, but we can't validate the publisher resources for %1!s! without the service.

EXIF

File Name:wevtutil.exe.mui
Directory:%WINDIR%\WinSxS\amd64_microsoft-windows-e..mmandline.resources_31bf3856ad364e35_10.0.15063.0_en-us_45ad22b3300d47b3\
File Size:44 kB
File Permissions:rw-rw-rw-
File Type:Win32 DLL
File Type Extension:dll
MIME Type:application/octet-stream
Machine Type:Intel 386 or later, and compatibles
Time Stamp:0000:00:00 00:00:00
PE Type:PE32
Linker Version:14.10
Code Size:0
Initialized Data Size:45056
Uninitialized Data Size:0
Entry Point:0x0000
OS Version:10.0
Image Version:10.0
Subsystem Version:6.0
Subsystem:Windows GUI
File Version Number:10.0.15063.0
Product Version Number:10.0.15063.0
File Flags Mask:0x003f
File Flags:(none)
File OS:Windows NT 32-bit
Object File Type:Dynamic link library
File Subtype:0
Language Code:English (U.S.)
Character Set:Unicode
Company Name:Microsoft Corporation
File Description:Eventing Command Line Utility
File Version:10.0.15063.0 (WinBuild.160101.0800)
Internal Name:wevtutil.exe
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original File Name:wevtutil.exe.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Directory:%WINDIR%\WinSxS\x86_microsoft-windows-e..mmandline.resources_31bf3856ad364e35_10.0.15063.0_en-us_e98e872f77afd67d\

What is wevtutil.exe.mui?

wevtutil.exe.mui is a Multilingual User Interface resource file that contains the English (U.S.) language resources for the file wevtutil.exe (Eventing Command Line Utility).

File version info

File Description:Eventing Command Line Utility
File Version:10.0.15063.0 (WinBuild.160101.0800)
Company Name:Microsoft Corporation
Internal Name:wevtutil.exe
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original Filename:wevtutil.exe.mui
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Translation:0x409, 1200