What is C:\Windows\System32\WevtUtil.exe?
The process known as Windows Events Command Line Utility is native to the Windows operating system by Microsoft. The wevtutil.exe file is located in the C:\Windows\System32 folder. The file size on Windows 11/10 is 171,008 bytes. WevtUtil.exe is a Windows core system file.
What is WevtUtil and how do you use it?
The WevtUtil.exe command enables you to retrieve information about event logs and publishers. You can use the command to get metadata information about the provider, its events, and the channels to which it logs events, and to query events from a channel or log file. PC users can run the WevtUtil command for the following:
Retrieve information about event logs and publishers.
Archive logs in a self-contained format.
Enumerate the available logs.
Install and uninstall event manifests.
Run queries.
Export events (from an event log, from a log file, or using a structured query) to a specified file.
Clear event logs.
For usage information, enter wevtutil /? at a command prompt.
Using WevtUtil command
Let’s take a look at some basic usage of the WevtUtil command on a Windows 11/10 system. Press Windows key + R, type cmd and hit Enter to open Command Prompt. Alternatively, open Windows Terminal and select the Command Prompt profile. In the CMD prompt, run the commands below for the corresponding task(s).
Note: Most options for WevtUtil are not case sensitive, but the built-in help is and must be requested in UPPER case. To retrieve event log data, the PowerShell cmdlet Get-WinEvent is easier to use and more flexible.
List the names of all logs:
Display configuration information about the System log on the local computer in XML format:
Use a configuration file to set event log attributes (see Remarks for an example of a configuration file):
Display information about the Microsoft-Windows-Eventlog event publisher, including metadata about the events that the publisher can raise:
Install publishers and logs from the myManifest.xml manifest file:
Uninstall publishers and logs from the myManifest.xml manifest file:
Display the three most recent events from the Application log in textual format:
Display the status of the Application log:
Export events from System log to C:\backup\system0506.evtx:
Clear all of the events from the Application log after saving them to C:\admin\backups\a10306.evtx:
Clear all the events from the Application log:
To parse every event log installed on the computer and clear them all, create a batch file with the syntax below and run the .bat file:
Export events from the System log to C:\backup\ss64.evtx:
List the event publishers on the current computer:
Uninstall publishers and logs from the SS64.man manifest file:
Enable event logs for the Task Scheduler:
Display the 50 most recent events from the Application log in text format:
Find the last 20 startup events in the System log:
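The export and status tasks listed above, combined into an archive-and-verify script for PowerShell; this is an added example, not code from the original article. It uses wevtutil's epl (export-log) and gli (get-log-info) commands together with Get-WinEvent, and finishes by listing the records Windows writes when a log is cleared (event ID 104 in the System log, 1102 in the Security log). The C:\backup folder, the choice of logs, and the Get-RecordCount helper are assumptions made for the example.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumptions: $BackupDir and $Logs are placeholders chosen for this example.
$BackupDir = 'C:\backup'
$Logs      = 'System', 'Application'

function Get-RecordCount {
    # Hypothetical helper: reads "numberOfLogRecords: N" from `wevtutil gli`.
    # -IsFile adds /lf:true so gli treats $Target as a path to an .evtx file.
    param([string]$Target, [switch]$IsFile)
    $wArgs = @('gli', $Target)
    if ($IsFile) { $wArgs += '/lf:true' }
    $line = & wevtutil.exe @wArgs |
        Select-String -Pattern '^numberOfLogRecords:\s*(\d+)' |
        Select-Object -First 1
    if (-not $line) { throw "wevtutil gli returned no record count for $Target" }
    [int64]$line.Matches[0].Groups[1].Value
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

foreach ($log in $Logs) {
    $file = Join-Path $BackupDir "$log-$stamp.evtx"
    $live = Get-RecordCount -Target $log

    # epl copies the channel to a self-contained .evtx file; the live log is untouched.
    & wevtutil.exe epl $log $file
    if ($LASTEXITCODE -ne 0) { Write-Warning "Export of $log failed"; continue }

    # New events may arrive between the count and the export, so the archive
    # should hold at least as many records as were counted beforehand.
    $saved = Get-RecordCount -Target $file -IsFile
    [pscustomobject]@{
        Log             = $log
        File            = $file
        LiveRecords     = $live
        ExportedRecords = $saved
        Complete        = ($saved -ge $live)
        SHA256          = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    }
}

# Clearing a log leaves its own audit record: ID 104 in System, ID 1102 in Security.
# -ErrorAction SilentlyContinue suppresses the error raised when no such event exists.
Get-WinEvent -FilterHashtable @{ LogName = 'System', 'Security'; Id = 104, 1102 } `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, LogName, Id, Message
```

Storing the SHA256 value separately from the archive lets you confirm later that an exported .evtx file has not been altered.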
The WevtUtil.exe command can control nearly every aspect of the Event Viewer and logs, which requires a lot of parameters and switches. To see the main structure of the syntax for WevtUtil.exe and learn more about this native tool, check out the Microsoft documentation. Hope you find this post informative enough!
How do I use Windows logs?
To access the Event Viewer in Windows 11, Windows 10, and Server, do the following:
Right-click on the Start button.
Select Control Panel > System & Security.
Double-click Administrative tools.
Double-click Event Viewer.
Select the type of logs that you wish to review (ex: Application, System).
What do system logs show?
On a Windows 11/10 computer, the system log (Syslog) contains a record of the operating system (OS) events that indicate how the system processes and drivers were loaded. The Syslog shows informational, error, and warning events related to the computer OS.
Can I delete log files?
By default, DB does not delete log files for you. For this reason, DB’s log files will eventually grow to consume an unnecessarily large amount of disk space. To guard against this, you should periodically take administrative action to remove log files that are no longer in use by your application. You can delete application level log files via System View > Database Properties > Enterprise View. Expand the Planning application type and the application that contains the log files you want to delete. Right-click the application, and select Delete Log.