wevtutil query event id 1

wevtutil query event id

WEVTUtil query-events Security /rd:true /format:text > %~dp0Logins.txt /q:"4624"

Here is what the above code is Doing:
1. We’re using the WEVTUtil command to query the Security event log for Event ID 4624.
2. We’re using the /rd:true switch to include the event description in the output.
3. We’re using the /format:text switch to output the results in text format.
4. We’re using the /q:”4624” switch to query for Event ID 4624.
5. We’re using the > %~dp0Logins.txt switch to output the results to a file named Logins.txt in the same directory as the script.

Similar Posts