Querying Event Logs Using Wevtutil

Windows 7 and Windows Server 2008 boast significantly more powerful logging capabilities than their predecessors: the event log infrastructure introduced with Windows Vista and Server 2008 stores every event as XML, adds dozens of application and service logs alongside the classic Application, Security and System logs, and accepts XPath filters when you query them. As a result, more advanced log data extraction and correlation is possible with the right tools. One of these tools is Wevtutil (wevtutil.exe), a command-line utility that ships with Windows and is designed specifically for querying and managing the Windows event log.

Using Wevtutil you can list the available logs, query events from a log with an XPath filter, run the same filter across several logs so their results can be correlated, export a log or a query result as XML (or as rendered text), and feed that XML into a more readable format such as a web-based reporting display. Two things are worth knowing before you start: reading the Security log requires an elevated (Administrator) prompt, and a query's XML output is a bare sequence of <Event> elements with no enclosing root element unless you ask for one with /e:, so an XML parser will reject the raw output. I've used the utility several times myself during incident response scenarios to pull specific data from multiple logs and output it to a more readable format.
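The following PowerShell session is an added example written for this page, not code from the original post: it drives wevtutil from an elevated prompt to list logs, pull the last 24 hours of successful logons (Security event 4624) as XML, flatten them into a readable table and CSV, line them up against service installs (System event 7045) in the same window, and export the filtered events to an .evtx for preservation. The log names, event IDs, 24-hour window and output file names are assumptions chosen for the demonstration; the wevtutil switches used (el, qe, epl, /q:, /f:, /e:, /rd:, /c:) are the documented ones.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell
# prompt: the Security log is not readable otherwise. Event IDs, the 24-hour
# window and the output paths are assumptions chosen for the demo.

# 1. Enumerate the logs present on this host (wevtutil el) and confirm the
#    ones we intend to query exist before building filters around them.
$logs = wevtutil el
$logs | Where-Object { $_ -in @('Security', 'System') }

# 2. XPath filter: successful logons (4624) in the last 24 hours.
#    timediff() is measured in milliseconds; 86400000 ms = 24 h.
$window  = 86400000
$logonXp = "*[System[(EventID=4624) and TimeCreated[timediff(@SystemTime) <= $window]]]"

# 3. Query the Security log. /f:xml returns raw XML, /e:Events wraps the
#    events in a root element so the result parses as one document,
#    /rd:true returns newest first, /c:500 caps the number of events.
$raw = wevtutil qe Security /q:$logonXp /f:xml /e:Events /rd:true /c:500
[xml]$doc = ($raw -join "`n")

# 4. Named <Data> fields live under EventData and are looked up by their
#    Name attribute; the value is the element text.
function Get-Field($event, [string]$name) {
    ($event.EventData.Data | Where-Object { $_.Name -eq $name }).'#text'
}

$logons = foreach ($e in $doc.Events.Event) {
    [pscustomobject]@{
        Time      = [datetime]$e.System.TimeCreated.SystemTime
        RecordId  = $e.System.EventRecordID
        User      = "$(Get-Field $e 'TargetDomainName')\$(Get-Field $e 'TargetUserName')"
        LogonType = Get-Field $e 'LogonType'   # 2 interactive, 3 network, 10 RDP
        SourceIp  = Get-Field $e 'IpAddress'
        Process   = Get-Field $e 'ProcessName'
    }
}

# Readable view on the console, and a CSV for the report.
$logons | Sort-Object Time -Descending | Format-Table -AutoSize
$logons | Export-Csv -Path .\logons-24h.csv -NoTypeInformation

# 5. Correlate across logs: the same XPath shape works against any log.
#    Here new service installs (System 7045) in the same window are pulled
#    and matched to network logons (type 3) that precede them by <= 5 min,
#    a common pattern for remote-execution tools.
$svcXp = "*[System[(EventID=7045) and TimeCreated[timediff(@SystemTime) <= $window]]]"
$svcRaw = wevtutil qe System /q:$svcXp /f:xml /e:Events /rd:true /c:500
[xml]$svcDoc = ($svcRaw -join "`n")
$services = foreach ($e in $svcDoc.Events.Event) {
    [pscustomobject]@{
        Time    = [datetime]$e.System.TimeCreated.SystemTime
        Service = Get-Field $e 'ServiceName'
        Image   = Get-Field $e 'ImagePath'
    }
}
foreach ($svc in $services) {
    $logons |
        Where-Object { $_.LogonType -eq '3' -and
                       $_.Time -le $svc.Time -and
                       $_.Time -ge $svc.Time.AddMinutes(-5) } |
        ForEach-Object {
            "{0:u}  {1} installed '{2}' ({3}) after network logon from {4}" -f
                $svc.Time, $_.User, $svc.Service, $svc.Image, $_.SourceIp
        }
}

# 6. Preserve the evidence: export only the filtered events to an .evtx that
#    opens in Event Viewer, then hash it for the chain of custody.
wevtutil epl Security .\security-4624-24h.evtx /q:$logonXp
Get-FileHash .\security-4624-24h.evtx -Algorithm SHA256
```

Swap /f:xml for /f:text when you only need to eyeball the messages at the console; the text renderer substitutes the event's message strings, so it needs the provider's message resources to be installed on the host doing the rendering. On a machine where you cannot run PowerShell, the same wevtutil commands work unchanged from cmd.exe; only the parsing step after them is PowerShell-specific.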

You can read more about Wevtutil at http://technet.microsoft.com/en-us/library/cc732848%28WS.10%29.aspx, and wevtutil /? (or wevtutil qe /? for a single command) prints the full option list on the box itself.
