wecutil.exe 事件收集器命令行实用程序 79d75f8840da8ce59aa85c2bbfe7bfe7

File info

File name: wecutil.exe.mui
Size: 31744 byte
MD5: 79d75f8840da8ce59aa85c2bbfe7bfe7
SHA1: d3c8ae0244ef4e1ce713214631e245e83c28fa38
SHA256: d0ab0657693651e61584b8f05c29f0b5652ff7c851a304a5e0e239e2726b9aa6
Operating systems: Windows 10
Extension: MUI
In x64: wecutil.exe 事件收集器命令行实用程序 (32 位)

Translations messages and strings

If an error occurred or the following message in Chinese (Simplified) language and you cannot find a solution, than check answer in English. Table below helps to know how correctly this phrase sounds in English.

id Chinese (Simplified) English
0x1内存不足。%0 Out of memory.%0
0x2无法打开输出文件: %1!s!。%0 Failed to open output file: %1!s!.%0
0x3无法打开配置文件: %1!s!。%0 Failed to open config file: %1!s!.%0
0x4配置文件无效。%0 Invalid config file.%0
0x5无法从配置文件读取。%0 Failed to read from config file.%0
0x6无法初始化 COM。%0 Failed to initialize COM.%0
0x7无法从配置文件读取订阅 ID。%0 Failed to read subscription id from config file.%0
0x8无法打开订阅。%0 Failed to open subscription.%0
0x9无法保存订阅。%0 Failed to save subscription.%0
0xA已成功保存订阅,但此时无法将其激活。请使用 retry-subscription 命令来重试该订阅。如果订阅正在运行,也可以使用 get-subscriptionruntimestatus 命令来获取扩展错误状态。 The subscription is saved successfully, but it can't be activated at this time.Use retry-subscription command to retry the subscription. If subscription is running,you can also use get-subscriptionruntimestatus command to get extended error status.
0xB无法删除订阅。%0 Failed to delete subscription.%0
0xC无法打开订阅枚举。%0 Failed to open subscription enumeration.%0
0xD无法枚举订阅。%0 Failed to enumerate subscriptions.%0
0xE无法获取 %1!s! 属性。%0 Failed to get %1!s! property.%0
0xF无法设置 %1!s! 属性。%0 Failed to set %1!s! property.%0
0x10无法重试事件源: %1!s!。%0 Failed to retry event source: %1!s!.%0
0x11重试订阅失败。%0 Failed to retry subscription. %0
0x12不支持格式。%0 Format is not supported.%0
0x13传递模式 %d 无效。%0 Invalid delivery mode %d.%0
0x14内容格式 %d 无效。%0 Invalid content format %d.%0
0x15属性值“%1!s!”(%2!s!)无效。%0 Invalid property value '%1!s!' (%2!s!).%0
0x16不支持命令 %1!s!。%0 Command %1!s! is not supported.%0
0x17选项 %1!s! 无效。未指定选项名称。%0 Invalid option %1!s!. Option name is not specified.%0
0x18选项 %1!s! 无效。选项被指定了多次。%0 Invalid option %1!s!. Option is specified more than once.%0
0x19选项 %1!s! 无效。选项不是整数。%0 Invalid option %1!s!. Option is not integer.%0
0x1A选项 %1!s! 无效。未指定选项值。%0 Invalid option %1!s!. Option value is not specified.%0
0x1B选项 %1!s! 无效。选项不是布尔值。%0 Invalid option %1!s!. Option is not Boolean.%0
0x1C选项 %1!s! 无效。选项不受支持。%0 Invalid option %1!s!. Option is not supported.%0
0x1D指定的参数太多。%0 Too many arguments are specified.%0
0x1E未指定必需的参数。%0 Required argument(s) is/are not specified.%0
0x1F内部错误。%0 Internal error.%0
0x20读取密码失败。%0 Failed to read password.%0
0x21未指定 EventSourceAddress。%0 EventSourceAddress is not specified.%0
0x22未指定命令。%0 Command is not specified.%0
0x23找不到此订阅的事件源。%0 No event source is found for this subscription.%0
0x24配置文件的根节点不是订阅或所处的命名空间不正确。%0 Root node of config file is not Subscription or in correct namespace.%0
0x25警告: 事件源 %1!s! 已禁用。%0 Warning: event source %1!s! is disabled.%0
0x26订阅 %1!s! 已存在。%0 Subscription %1!s! already exists.%0
0x27当事件源 %1!s! 已存在时无法添加它。%0 Can not add event source %1!s! when it already exists.%0
0x28Windows 事件收集器实用程序使你可以创建和管理对从支持 WS-Management 协议的远程事件源转发的事件的订阅。用法:可以使用短形式(如 es、/f)或长形式(如 enum-subscription、/format)的命令和选项名称。命令、选项和选项值不区分大小写。(字符全部大写表示变量)wecutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...]命令:es (enum-subscription) 列出现有订阅。gs (get-subscription) 获取订阅配置。gr (get-subscriptionruntimestatus) 获取订阅运行时状态。ss (set-subscription) 设置订阅配置。cs (create-subscription) 创建新的订阅。ds (delete-subscription) 删除订阅。rs (retry-subscription) 重试订阅。qc (quick-config) 配置 Windows 事件收集器服务。常用选项:/h|? (help)获取 wecutil 程序的常规帮助。wecutil { -help | -h | -? }有关参数和选项的信息,请参阅特定命令的用法:wecutil COMMAND -? Windows Event Collector UtilityEnables you to create and manage subscriptions to events forwarded from remoteevent sources that support WS-Management protocol.Usage:You can use either the short (i.e. es, /f) or long (i.e. enum-subscription, /format)version of the command and option names. Commands, options and option values arecase-insensitive.(ALL UPPER-CASE = VARIABLE)wecutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...]Commands:es (enum-subscription) List existent subscriptions.gs (get-subscription) Get subscription configuration.gr (get-subscriptionruntimestatus) Get subscription runtime status.ss (set-subscription) Set subscription configuration.cs (create-subscription) Create new subscription.ds (delete-subscription) Delete subscription.rs (retry-subscription) Retry subscription.qc (quick-config) Configure Windows Event Collector service.Common options:/h|? (help)Get general help for the wecutil program.wecutil { -help | -h | -? }For arguments and options, see usage of specific commands:wecutil COMMAND -?
0x29创建远程订阅。用法:wecutil { cs | create-subscription } CONFIGURATION_FILE [/OPTION:VALUE [/OPTION:VALUE] ...]CONFIGURATION_FILE指定 XML 文件路径的字符串,该文件包含订阅配置。该路径可以为当前目录的绝对路径或相对路径。选项:可以使用选项名称的短形式(例如 /cun)或长形式(例如 /CommonUserName)。选项及其值不区分大小写。/cun:USERNAME (CommonUserName)将共享用户凭据设置为用于不具备其自身用户凭据的事件源。该选项仅适用于启动收集器的订阅。注意: 如果指定该选项,将忽略来自配置文件的各个事件源的 UserName/UserPassword设置。如果要将其他凭据用于特定事件源,使用 ss (set-subscription)命令为事件源设置该凭据。/cup:PASSWORD (CommonUserPassword)为共享用户凭据设置用户密码。如果将 PASSWORD 设置为 * (星号),则从控制台读取该密码。仅在指定 /cun (CommonUserName)选项时该选项才有效。示例:创建启动收集器的订阅将事件从远程计算机 mySource.myDomain.com 的应用程序事件日志转发到 ForwardedEvents 日志。wecutil cs ci_subscription.xmlContent of ci_subscription.xml: SampleCISubscription CollectorInitiated Collector Initiated Subscription Sample true http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog Custom 20 60000 thisMachine.myDomain.com 2010-01-01T00:00:00.000Z * ]] false http RenderedText ForwardedEvents Default mySource.myDomain.com myUserName 示例:创建启动源的订阅将事件从远程计算机 mySource.myDomain.com 的应用程序事件日志转发到 ForwardedEvents 日志。wecutil cs si_subscription.xmlContent of si_subscription.xml: SampleSISubscription SourceInitiated Source Initiated Subscription Sample true http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog Custom 1 1000 2018-01-01T00:00:00.000Z Event[System/EventID='999'] ]] true http RenderedText ForwardedEvents O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;NS)请注意,创建启动源的订阅时,如果 AllowedSourceDomainComputers、AllowedSourceNonDomainComputers/AllowedIssuerCAList、AllowedSubjectList 以及 DeniedSubjectList 都为空,则将为AllowedSourceDomainComputers 提供默认值 - O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;NS)。该 SDDL 默认值授予域计算机域组以及本地网络服务组(用于本地转发器)的成员发起该订阅事件的能力。 Create a remote subscription.Usage:wecutil { cs | create-subscription } CONFIGURATION_FILE [/OPTION:VALUE [/OPTION:VALUE] ...]CONFIGURATION_FILEString that specifies the path to the XML file that contains subscription configuration.The path can be absolute or relative to the current directory.Options:You can use either the short (i.e. /cun) or long (i.e. /CommonUserName) version of theoption names. Options and their values are case-insensitive./cun:USERNAME (CommonUserName)Sets shared user credential to be used for event sources that do not have their ownuser credentials. This option applies to collector initiated subscriptions only.Note: if this option is specified, UserName/UserPassword settings for individual eventsources from the configuration file are ignored. If you want to use different credentialfor a specific event source, use ss (set-subscription) command to set it for the eventsource./cup:PASSWORD (CommonUserPassword)Sets the user password for the shared user credential. When PASSWORD is set to *(asterisk), the password is read from the console. This option is only valid when/cun (CommonUserName) option is specified.Example:Create a collector initiated subscription to forward events from the Application event log ofa remote computer mySource.myDomain.com to ForwardedEvents log.wecutil cs ci_subscription.xmlContent of ci_subscription.xml: SampleCISubscription CollectorInitiated Collector Initiated Subscription Sample true http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog Custom 20 60000 thisMachine.myDomain.com 2010-01-01T00:00:00.000Z * ]] false http RenderedText ForwardedEvents Default mySource.myDomain.com myUserName Example:Create a source initiated subscription to forward events from the Application event log ofa remote computer mySource.myDomain.com to ForwardedEvents log.wecutil cs si_subscription.xmlContent of si_subscription.xml: SampleSISubscription SourceInitiated Source Initiated Subscription Sample true http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog Custom 1 1000 2018-01-01T00:00:00.000Z Event[System/EventID='999'] ]] true http RenderedText ForwardedEvents O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;NS)Note, that when creating a source initiated subscription, if AllowedSourceDomainComputers, AllowedSourceNonDomainComputers/AllowedIssuerCAList,AllowedSubjectList, and DeniedSubjectList are all empty, then a default willbe provided for AllowedSourceDomainComputers - O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;NS). This SDDL default grants members of the Domain Computers domain group, as wellas the local Network Service group (for local forwarder), the ability to raise events for this subscription.
0x2A列出所有现有远程事件订阅的名称。用法:wecutil { es | enum-subscription }示例:列出事件订阅。wecutil es List the names of all existent remote event subscriptions.Usage:wecutil { es | enum-subscription }Example:List event subscriptions.wecutil es
0x2B显示远程订阅配置信息。用法:wecutil { gs | get-subscription } SUBSCRIPTION_ID [/OPTION:VALUE [/OPTION:VALUE] ...]SUBSCRIPTION_ID唯一标识订阅的字符串,由用于创建订阅的 XML 配置文件的 标记指定选项:可以使用选项名称的短形式(例如 /f)或长形式(例如 /format)。选项及其值不区分大小写。/f:VALUE (format)VALUE 可以为 XML 或 Terse。如果 VALUE 为 XML,则以 XML 形式打印输出。如果 VALUE 为 Terse (默认),则以名称值对打印值。/u:VALUE (unicode)以 unicode (UTF-16)显示输出。VALUE 可以为 True 或 False。如果 VALUE 为 True,则输出为 Unicode 形式。示例:名为 sub1 的订阅上的输出配置信息。wecutil gs sub1示例输出:Subscription Id: sub1SubscriptionType: CollectorInitiatedDescription: Push Collector Initiated SubscriptionEnabled: trueUri: http://schemas.microsoft.com/wbem/wsman/1/windows/EventLogConfigurationMode: CustomDeliveryMode: PushDeliveryMaxItems: 1DeliveryMaxLatencyTime: 1000HostName: thisMachine.myDomain.comHeartbeatInterval: 60000Expires: 2010-01-01T00:00:00.000ZQuery: * ReadExistingEvents: trueTransportName: httpContentFormat: RenderedTextLocale: en-USLogFile: ForwardedEventsCredentialsType: DefaultCommonUserName: AdministratorCommonUserPassword: *EventSource[0]: Address: mySource.myDomain.com Enabled: true UserName: myUserName UserPassword: *EventSource[1]: Address: mySource1.myDomain.com Enabled: true UserName: myUserName UserPassword: * Displays remote subscription configuration information.Usage:wecutil { gs | get-subscription } SUBSCRIPTION_ID [/OPTION:VALUE [/OPTION:VALUE] ...]SUBSCRIPTION_IDString that uniquely identifies a subscription, specified by the tagof the XML configuration file used to create the subscriptionOptions:You can use either the short (i.e. /f) or long (i.e. /format) version of the optionnames. Options and their values are case-insensitive./f:VALUE (format)VALUE can be XML or Terse. If VALUE is XML, print output in XML. If VALUE is Terse(default), print value as name-value pairs./u:VALUE (unicode)Display output in unicode (UTF-16). VALUE can be true or false. If VALUE is true then output isin Unicode.Example:Output configuration information on a subscription named sub1.wecutil gs sub1Example output:Subscription Id: sub1SubscriptionType: CollectorInitiatedDescription: Push Collector Initiated SubscriptionEnabled: trueUri: http://schemas.microsoft.com/wbem/wsman/1/windows/EventLogConfigurationMode: CustomDeliveryMode: PushDeliveryMaxItems: 1DeliveryMaxLatencyTime: 1000HostName: thisMachine.myDomain.comHeartbeatInterval: 60000Expires: 2010-01-01T00:00:00.000ZQuery: * ReadExistingEvents: trueTransportName: httpContentFormat: RenderedTextLocale: en-USLogFile: ForwardedEventsCredentialsType: DefaultCommonUserName: AdministratorCommonUserPassword: *EventSource[0]: Address: mySource.myDomain.com Enabled: true UserName: myUserName UserPassword: *EventSource[1]: Address: mySource1.myDomain.com Enabled: true UserName: myUserName UserPassword: *
0x2C显示订阅运行时状态。用法:wecutil { gr | get-subscriptionruntimestatus } SUBSCRIPTION_ID [EVENT_SOURCE [EVENT_SOURCE] ...]SUBSCRIPTION_ID唯一标识订阅的字符串,由用于创建订阅的 XML 配置文件的 标记指定EVENT_SOURCE标识计算机的字符串,该计算机为使用完全限定域名、NetBIOS 名称或 IP 地址的事件源。示例:显示名为 sub1 的订阅的运行时状态。wecutil gr sub1Subscription: sub1 RunTimeStatus: Active LastError: 0 ErrorMessage: ErrorTime: 2007-01-01T12:00:00.000 NextRetryTime: LastHeartbeatTime: EventSources: MYSOURCE$ RunTimeStatus: Active LastError: 0 ErrorMessage: ErrorTime: NextRetryTime: LastHeartbeatTime: 2007-01-01T12:15:00.000 Displays subscription runtime status.Usage:wecutil { gr | get-subscriptionruntimestatus } SUBSCRIPTION_ID [EVENT_SOURCE [EVENT_SOURCE] ...]SUBSCRIPTION_IDString that uniquely identifies a subscription, specified by the tag of the XML configuration file used to create the subscriptionEVENT_SOURCEString that identifies a machine serving as a source of events using fully-qualifieddomain name, NetBIOS name, or an IP address.Example:Display runtime status of subscription named sub1.wecutil gr sub1Subscription: sub1 RunTimeStatus: Active LastError: 0 ErrorMessage: ErrorTime: 2007-01-01T12:00:00.000 NextRetryTime: LastHeartbeatTime: EventSources: MYSOURCE$ RunTimeStatus: Active LastError: 0 ErrorMessage: ErrorTime: NextRetryTime: LastHeartbeatTime: 2007-01-01T12:15:00.000
0x2D从所有将事件发送到订阅的事件日志的事件源中删除特定的订阅以及取消订阅。用法:wecutil { ds | delete-subscription } SUBSCRIPTION_IDSUBSCRIPTION_ID唯一标识订阅的字符串,由用于创建订阅的 XML 配置文件的 标记指定示例:删除名为 sub1 的订阅。wecutil ds sub1 Deletes a specific subscription and unsubscribes from all event sources that deliverevents into the Event Log for the subscription. Any events already received andlogged are not deleted.Usage:wecutil { ds | delete-subscription } SUBSCRIPTION_IDSUBSCRIPTION_IDString that uniquely identifies a subscription, specified by the tag ofthe XML configuration file used to create the subscriptionExample:Delete a subscription named sub1.wecutil ds sub1
0x2E通过尝试重新激活所有内容或通过建立连接并发送远程订阅请求指定事件源,重试非活动的订阅。不重试已禁用的源。用法:wecutil { rs | retry-subscription } SUBSCRIPTION_ID [EVENT_SOURCE [EVENT_SOURCE] ...]SUBSCRIPTION_ID唯一标识订阅的字符串,由用于创建订阅的 XML 配置文件的 标记指定EVENT_SOURCE标识计算机的字符串,该计算机使用完全限定的域名、NetBIOS 名称或 IP 地址标识充当事件源。示例:重试名为 sub1 的订阅的所有源。wecutil rs sub1 Retries inactive subscription by attempting to reactivate all or specified eventsources by establishing a connection and sending a remote subscription request.Disabled sources are not retried.Usage:wecutil { rs | retry-subscription } SUBSCRIPTION_ID [EVENT_SOURCE [EVENT_SOURCE] ...]SUBSCRIPTION_IDString that uniquely identifies a subscription, specified by the tag ofthe XML configuration file used to create the subscriptionEVENT_SOURCEString that identifies a machine serving as a source of events using fully-qualifieddomain name, NetBIOS name, or an IP address.Example:Retry all sources of a subscription named sub1.wecutil rs sub1
0x2F通过更改命令行的订阅参数或使用 XML 配置文件设置订阅配置。用法:wecutil { ss | set-subscription } SUBSCRIPTION_ID [/OPTION:VALUE [/OPTION:VALUE] ...]wecutil { ss | set-subscription } /c:CONFIG_FILE [/cus:USERNAME [/cup:PASSWORD] ...]SUBSCRIPTION_ID唯一标识订阅的字符串,由用于创建订阅的 XML 配置文件的 标记指定选项:可以使用选项名称的短形式(例如 /q)或长形式(例如 /Query)。选项及其值不区分大小写。一般选项(用于所有类型的订阅):/c:CONFIG_FILE (Config)指定 XML 文件路径的字符串,该文件包含订阅配置。该路径可以为当前目录的绝对路径或相对路径。该选项仅可以与可选选项 /cus (CommonUserName)和/cup (CommonUserPassword) 一起使用,并且该选项与所有其他选项相互排斥。/e[:VALUE] (enabled)启用或禁用订阅。VALUE 可以为 True 或 False。此选项的默认值为 True。/d:DESCRIPTION (Description)描述订阅的字符串。/ex:DATE_TIME (Expires)指定订阅过期时间的字符串。DATE_TIME 值在标准 XML 或 ISO8601 日期-时间格式:yyyy-MM-ddThh:mm:ss[.sss][Z] 中指定,其中 T 为时间分隔符,Z 表示 UTC 时间。/uri:URI指定订阅所消耗的事件类型的字符串。事件源计算机的地址以及 URI 唯一标识事件源。/cm:CONFIGURATION_MODE (ConfigurationMode)指定配置模式的字符串。CONFIGURATION_MODE 可以是以下字符串之一: Normal、Custom、MinLatency 或 MinBandwidth。Normal、MinLatency和 MinBandwidth 模式设置传递模式、传递最多项目、检测间隔和传递最长延迟时间。仅当将配置模式设置为 Custom 时,才可以指定 /dm (DeliveryMode)、/dmi (DeliveryMaxItems)、/hi (HeartbeatInterval) 或 /dmlt (DeliveryMaxLatencyTime) 选项。/q:QUERY (Query)指定用于订阅的查询字符串的字符串。该字符串的格式可能会因不同的 URI 值而有所不同,而且适用于订阅中的所有源。/dia:DIALECT (Dialect)指定查询字符串使用的方言的字符串。/cf:FORMAT (ContentFormat)指定已返回事件的格式的字符串。FORMAT 可以为 Events 或 RenderedText。如果值为RenderedText,会返回事件以及附加到该事件的本地化字符串(例如事件描述)。FORMAT 的默认值为 RenderedText。/l:LOCALE (Locale)以 RenderedText 格式指定用于本地化字符串传递的区域设置的字符串。LOCALE 为语言/国家/地区文化标识符,例如,\"en-US\"。仅当将 /cf (ContentFormat) 选项设置为 \"RenderedText\" 时该选项才有效。/ree[:VALUE] (ReadExistingEvents)指定要为订阅传递的事件。VALUE 可以为 True 或 False。如果 VALUE 为 True,则从订阅事件源中读取所有现有事件。如果 VALUE 为 False,则仅传递将来(即将到达的)事件。/ree 选项的默认值为 True,而不是一个值。如果未指定 /ree 选项,则默认值为 False。/lf:FILENAME (LogFile)指定本地事件日志的字符串,该日志用于存储从事件源接收的事件。/pn:PUBLISHER (PublisherName)指定发行者名称的字符串。该发行者必须拥有或导入由 /lf (LogFile)选项指定的日志。/dm:MODE (DeliveryMode)指定传递模式的字符串。MODE 可以为用于启动收集器的请求订阅或推送订阅,并且仅推送启动源的订阅。仅当将 /cm (ConfigurationMode)选项设置为 Custom 时,此选项才有效。/dmi:NUMBER (DeliveryMaxItems)指定用于批传递的最多项目的数字。仅当将 /cm (ConfigurationMode)设置为 Custom 时,此选项才有效。/dmlt:MS (DeliveryMaxLatencyTime)指定传递批事件时最长延迟的数字。MS 为毫秒数。仅当将 /cm (ConfigurationMode)设置为 Custom 时,此选项才有效。/hi:MS (HeartbeatInterval)指定用于推送订阅的检测间隔或用于请求订阅的轮询间隔。MS 为毫秒数。仅当将 /cm (ConfigurationMode)设置为 Custom 时,此选项才有效。/tn:TRANSPORTNAME (TransportName)指定用于连接到远程事件源的传输名称的字符串。它可以为 http 或 https。 Sets subscription configuration by changing subscription parameters from the commandline or by using an XML configuration file.Usage:wecutil { ss | set-subscription } SUBSCRIPTION_ID [/OPTION:VALUE [/OPTION:VALUE] ...]wecutil { ss | set-subscription } /c:CONFIG_FILE [/cus:USERNAME [/cup:PASSWORD] ...]SUBSCRIPTION_IDString that uniquely identifies a subscription, specified by the tag ofthe XML configuration file used to create the subscriptionOptions:You can use either the short (i.e. /q) or long (i.e. /Query) version of theoption names. Options and their values are case-insensitive.COMMON OPTIONS (for all type of subscriptions):/c:CONFIG_FILE (Config)String that specifies the path to the XML file that contains subscription configuration.The path can be absolute or relative to the current directory. This option may only beused with the optional /cus (CommonUserName) and /cup (CommonUserPassword) options andis mutually exclusive with all other options./e[:VALUE] (enabled)Enable or disable a subscription. VALUE can be true or false. The default value of thisoption is true./d:DESCRIPTION (Description)String that describes the subscription./ex:DATE_TIME (Expires)String that specifies the subscription expiration time. DATE_TIME value is specified instandard XML or ISO8601 date-time format: yyyy-MM-ddThh:mm:ss[.sss][Z], where T is thetime separator and Z indicates UTC time./uri:URIString that specifies the type of the events consumed by the subscription. The addressof the event source machine along with the URI uniquely identifies the source of theevents./cm:CONFIGURATION_MODE (ConfigurationMode)String that specifies the configuration mode. CONFIGURATION_MODE can be one of thefollowing strings: Normal, Custom, MinLatency or MinBandwidth. The Normal, MinLatency,and MinBandwidth modes set delivery mode, delivery max items, heartbeat interval, anddelivery max latency time. The /dm (DeliveryMode), /dmi (DeliveryMaxItems),/hi (HeartbeatInterval) or /dmlt (DeliveryMaxLatencyTime) option may only be specifiedif the configuration mode is set to Custom./q:QUERY (Query)String that specifies that query string for the subscription. The format of this stringmay be different for different URI values and applies to all sources in the subscription./dia:DIALECT (Dialect)String that specifies the dialect the query string uses./cf:FORMAT (ContentFormat)String that specifies the format of the returned events. FORMAT can be Events orRenderedText. When the value is RenderedText, the events are returned with the localizedstrings (such as event description) attached to the event. The default value of FORMATis RenderedText./l:LOCALE (Locale)String that specifies the locale for delivery of the localized strings in RenderedTextformat. LOCALE is a language/country culture identifier, for example, \"en-US\". Thisoption is valid only if /cf (ContentFormat) option is set to \"RenderedText\"./ree[:VALUE] (ReadExistingEvents)Specifies which events are to be delivered for the subscription. VALUE can true or false.When the VALUE is true, all existing events are read from the subscription event sources.When the VALUE is false, only future (arriving) events are delivered. The default valueis true for an /ree option without a value. If no /ree option is specified, the defaultvalue is false./lf:FILENAME (LogFile)String that specifies the local event log used to store events received from the eventsources./pn:PUBLISHER (PublisherName)String that specifies the publisher name. It must be a publisher which owns or importslog specified by /lf (LogFile) option./dm:MODE (DeliveryMode)String that specifies the delivery mode. MODE can be either pull or push for collectorinitiated subscriptions and only push for source initiated subscriptions. This option isvalid only if /cm (ConfigurationMode) option is set to Custom./dmi:NUMBER (DeliveryMaxItems)A number that specifies the maximum number of items for batched delivery. This option isvalid only if /cm (ConfigurationMode) is set to Custom./dmlt:MS (DeliveryMaxLatencyTime)A number that specified the maximum latency in delivering a batch of events. MS is thenumber of milliseconds. This option is valid only if /cm (ConfigurationMode) is set toCustom./hi:MS (HeartbeatInterval)A number that specifies the heartbeat interval for push subscriptionsm, or the pollinginterval for pull subscriptions. MS is the number of milliseconds. This option is valid only if /cm (ConfigurationMode) is set to Custom./tn:TRANSPORTNAME (TransportName)String that specifies the name of the transport used to connect to remote event source.It can be http or https.
0x30/esa:EVENT_SOURCE (EventSourceAddress)指定事件源的地址。EVENT_SOURCE 为标识计算机的字符串,该计算机使用完全限定域名、NetBIOS 名称或 IP 地址充当事件源。该选项应与 /ese (EventSourceEnabled)、/aes (AddEventSource)、/res (RemoveEventSource)、或 /un (UserName)和/up (UserPassword)选项一起使用。/ese[:VALUE] (EventSourceEnabled)启用或禁用事件源。VALUE 可以为 True 或 False。仅当指定/esa (EventSourceAddress) 选项时,才允许使用该选项。该选项的默认值为 True。特定于收集器启动的订阅的选项:/aes (AddEventSource)如果 /esa (EventSourceAddress)选项指定的事件源已不是订阅的一部份,则添加该事件源。如果 /esa (EventSourceAddress)指定的地址已是为订阅的一部份,则会引发错误。仅当指定 /esa (EventSourceAddress)选项时,才允许使用该选项。/res (RemoveEventSource)如果 /esa (EventSourceAddress)选项指定的事件源已是订阅的一部份,则删除该事件源。如果 /esa (EventSourceAddress)指定的地址已不是订阅的一部份,则会引发错误。仅当指定 /esa (EventSourceAddress)选项时,才允许使用该选项。/un:USERNAME (UserName)指定要与 /esa (EventSourceAddress)选项指定的源一起使用的用户凭据。仅当指定 /esa (EventSourceAddress)选项时,才允许使用该选项。/up:PASSWORD (UserPassword)设置 /esa (EventSourceAddress)选项所指定源的用户凭据的用户密码。仅当指定 /un (UserName)选项时,才允许使用该选项。/tp:TRANSPORTPORT (TransportPort)连接到远程事件源时传输使用的端口号。如果未指定,则端口默认以下给定传输名称使用的标准端口号: 对于 http,使用 80;对于 https,使用 443/hn:NAME (HostName)指定本地计算机 FQDNS 名称的字符串。此名称由远程事件源用来后推事件,并且必须仅用于推订阅。涉及可能具有多 FQDNS 名称的多域服务器时使用该名称。/ct:TYPE (CredentialsType)指定用于远程源地址的凭据类型的字符串。TYPE 可以为以下值之一:\"default\"、\"negotiate\"、\"digest\"、\"basic\" 或\"localmachine\"。默认值为 \"default\"。/cun:USERNAME (CommonUserName)设置要用于不具备其自身用户凭据的事件源的共享用户凭据。注意: 如果使用 /c (Config)选项指定此选项,则忽略配置文件中各个事件源的UserName/UserPassword 设置。如果要将其他凭据用于特定事件源,则通过在另一个ss (set-subscription)命令的命令行上指定特定事件源 /un (UserName)和/up (UserPassword)来覆盖该值。/cup:PASSWORD (CommonUserPassword)为共享用户凭据设置用户密码。如果将 PASSWORD 设置为 * (星号),则从控制台读取密码。仅当指定 /cun (CommonUserName)选项时该选项才有效。特定于源启动的订阅的选项:/ica:THUMBPRINTS (AllowedIssuerCA)设置颁发者证书指纹的列表,以逗号分隔列表。/as:SUBJECTS (AllowedSubjects)字符串列表以逗号分隔,这些字符串指定允许启动订阅的非域计算机的 DNS 名称。可以使用通配符指定这些名称,如 \"*.mydomain.com\"。默认情况下,该列表为空。/ds:SUBJECTS (DeniedSubjects)字符串列表以逗号分隔,这些字符串指定不允许启动订阅的非域计算机的 DNS 名称。可以使用通配符指定这些名称,如 \"*.mydomain.com\"。默认情况下,该列表为空。/adc:SDDL (AllowedSourceDomainComputers)SDDL 格式的字符串,指定允许或不允许哪些域计算机启动订阅。默认设置为允许所有域计算机。示例:从新 XML 文件 WsSelRg2.xml 更新名为 sub1 的订阅配置。wecutil ss sub1 /c:%Windir%\\system32\\WsSelRg2.xml使用多个参数更新名为 sub2 的订阅配置:wecutil ss sub2 /esa:myComputer /ese /un:uname /up:* /cm:Normal更新启动源的订阅的允许和拒绝使用者列表:wecutil ss sub3 /as:\"*.private.mydomain.com\" /ds:\"*.public.mydomain.net,*.mydomain.tv\" /esa:EVENT_SOURCE (EventSourceAddress)Specifies the address of an event source. EVENT_SOURCE is a string that identifies amachine serving as a source of events using fully-qualified domain name, NetBIOS name,or an IP address. This option should be used with /ese (EventSourceEnabled),/aes (AddEventSource), /res (RemoveEventSource), or /un (UserName) and /up (UserPassword)options./ese[:VALUE] (EventSourceEnabled)Enable or disable an event source. VALUE can be true or false. This option is allowedonly if /esa (EventSourceAddress) option is specified. The default value of this optionis true.OPTIONS SPECIFIC TO COLLECTOR INITIATED SUBSCRIPTIONS:/aes (AddEventSource)Adds event source specified by the /esa (EventSourceAddress) option, if it is not alreadya part of the subscription. If the address specified by the /esa (EventSourceAddress) isalready a part of the subscription, an error is raised. This option is allowed only if/esa (EventSourceAddress) option is specified./res (RemoveEventSource)Removes event source specified by the /esa (EventSourceAddress) option, if it is alreadya part of the subscription. If the address specified by the /esa (EventSourceAddress)is not a part of the subscription, an error is raised. This option is allowed only if/esa (EventSourceAddress) option is specified./un:USERNAME (UserName)Specifies user credential to be used with the source specified by the/esa (EventSourceAddress) option. This option is allowed only if /esa (EventSourceAddress)option is specified./up:PASSWORD (UserPassword)Sets the user password for the user credential for the source specified by the/esa (EventSourceAddress) option. This option is allowed only if /un (UserName) optionis specified./tp:TRANSPORTPORT (TransportPort)Port number used by transport when connecting to remote event source. If not specified the port defaults to the standard one used for the given transport name: 80 for http, 443 for https/hn:NAME (HostName)String that specifies the FQDNS name of the local machine. This name is used by remoteevent source to push back events and must be used for push subscription only. It is usedin scenarios involving multi-homed servers that may have multiple FQDNS names./ct:TYPE (CredentialsType)String that specifies the credential type to be used for remote source access. TYPE maybe one of the following values: \"default\", \"negotiate\", \"digest\", \"basic\" or\"localmachine\". The default value is \"default\"./cun:USERNAME (CommonUserName)Sets shared user credential to be used for event sources that do not have their own usercredentials.Note: if this option is specified with the /c (Config) option, UserName/UserPasswordsettings for individual event sources from the configuration file are ignored. If youwant to use different credential for a specific event source, you may override thisvalue by specifying the /un (UserName) and /up (UserPassword) for a specific eventsource on the command line of another ss (set-subscription) command./cup:PASSWORD (CommonUserPassword)Sets the user password for the shared user credential. When PASSWORD is set to* (asterisk), the password is read from the console. This option is only valid when/cun (CommonUserName) option is specified.OPTIONS SPECIFIC TO SOURCE INITIATED SUBSCRIPTIONS:/ica:THUMBPRINTS (AllowedIssuerCA)Sets the list of issuer certificate thumbprints, in a comma separated list./as:SUBJECTS (AllowedSubjects)Comma separated list of strings that specifies the DNS names of non-domain computersallowed to initiate subscriptions. The names may be specified using wildcards, like\"*.mydomain.com\". By default this list is empty./ds:SUBJECTS (DeniedSubjects)Comma separated list of strings that specifies the DNS names of non-domain computersnot allowed to initiate subscriptions. The names may be specified using wildcards, like\"*.mydomain.com\". By default this list is empty./adc:SDDL (AllowedSourceDomainComputers)A string which specifies which domain computers are allowed or not to initiatesubscriptions, in SDDL format. Default is to allow all domain computers.EXAMPLES:Update subscription configuration named sub1 from a new XML file, WsSelRg2.xml.wecutil ss sub1 /c:%Windir%\\system32\\WsSelRg2.xmlUpdate subscription configuration named sub2 with multiple parameters:wecutil ss sub2 /esa:myComputer /ese /un:uname /up:* /cm:NormalUpdate the allowed and denied subject lists for a source initiated subscription:wecutil ss sub3 /as:\"*.private.mydomain.com\" /ds:\"*.public.mydomain.net,*.mydomain.tv\"
0x31配置 Windows 事件收集器服务,确保可通过重新启动来创建和维持订阅。包括以下步骤: 1. 如果已禁用 ForwardedEvents 通道,则启用该通道。 2. 将 Windows 事件收集器服务设置为延迟启动(仅适用于 Vista 和更新的版本)。 3. 如果 Windows 事件收集器服务未运行,则启动该服务。用法:wecutil { qc | quick-config } [/OPTION:VALUE]选项:可以使用选项名称的短形式(例如 /q)或长形式(例如 /quiet)。选项及其值不区分大小写。/q[:VALUE] (Quiet)VALUE 可以为 True 或 False。如果为 True,则 quick-config 不提示进行配置。该选项的默认值为 False。示例:wecutil qc Configures Windows Event Collector service to make sure subscription can be created andsustained through reboots. This includes the following steps: 1. Enable ForwardedEvents channel if disabled. 2. Set Windows Event Collector service to delay start (Vista and later only). 3. Start Windows Event Collector service if not running.Usage:wecutil { qc | quick-config } [/OPTION:VALUE]Options:You can use either the short (i.e. /q) or long (i.e. /quiet) version of theoption names. Options and their values are case-insensitive./q[:VALUE] (Quiet)VALUE can be true or false. If true, quick-config will not prompt for confirmation.The default value of this option is false.Example:wecutil qc
0x32无法正确配置 Windows 事件收集器服务。请稍后再试。%0 Failed to configure Windows Event Collector service properly. Please try again later.%0
0x33为 %1!s! 键入密码:%0 Type the password for %1!s!:%0
0x34警告: 该订阅的配置模式不是 Custom。对于此模式,不能自定义传递属性。因此,将忽略所提供配置文件中的传递节点。 Warning: Configuration mode for the subscription is not Custom. Delivery properties are notcustomizable for such mode. As a result, Delivery node from the provided configuration filewill be ignored.
0x35订阅的配置模式不是 Custom。无法为此模式设置属性 %1!s!。 Configuration mode for the subscription is not Custom. Property %1!s! can't be set for this mode.
0x36服务启动模式将更改为 Delay-Start。是否要继续( %c- 是或 %c- 否)?%0 The service startup mode will be changed to Delay-Start. Would you like to proceed ( %c- yes or %c- no)?%0
0x37Y%0 Y%0
0x38N%0 N%0
0x39Windows 事件收集器服务已经成功配置。 Windows Event Collector service was configured successfully.

EXIF

File Name:wecutil.exe.mui
Directory:%WINDIR%\WinSxS\amd64_microsoft-windows-e..collector.resources_31bf3856ad364e35_10.0.15063.0_zh-cn_2591dd9845eeb458\
File Size:31 kB
File Permissions:rw-rw-rw-
File Type:Win32 DLL
File Type Extension:dll
MIME Type:application/octet-stream
Machine Type:Intel 386 or later, and compatibles
Time Stamp:0000:00:00 00:00:00
PE Type:PE32
Linker Version:14.10
Code Size:0
Initialized Data Size:31232
Uninitialized Data Size:0
Entry Point:0x0000
OS Version:10.0
Image Version:10.0
Subsystem Version:6.0
Subsystem:Windows GUI
File Version Number:10.0.15063.0
Product Version Number:10.0.15063.0
File Flags Mask:0x003f
File Flags:(none)
File OS:Windows NT 32-bit
Object File Type:Dynamic link library
File Subtype:0
Language Code:Chinese (Simplified)
Character Set:Unicode
Company Name:Microsoft Corporation
File Description:事件收集器命令行实用程序
File Version:10.0.15063.0 (WinBuild.160101.0800)
Internal Name:WECUTIL.EXE
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original File Name:WECUTIL.EXE.MUI
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Directory:%WINDIR%\WinSxS\wow64_microsoft-windows-e..collector.resources_31bf3856ad364e35_10.0.15063.0_zh-cn_2fe687ea7a4f7653\

What is wecutil.exe.mui?

wecutil.exe.mui is Multilingual User Interface resource file that contain Chinese (Simplified) language for file wecutil.exe (事件收集器命令行实用程序).

File version info

File Description:事件收集器命令行实用程序
File Version:10.0.15063.0 (WinBuild.160101.0800)
Company Name:Microsoft Corporation
Internal Name:WECUTIL.EXE
Legal Copyright:© Microsoft Corporation. All rights reserved.
Original Filename:WECUTIL.EXE.MUI
Product Name:Microsoft® Windows® Operating System
Product Version:10.0.15063.0
Translation:0x804, 1200