管理事件檢視器

加上/r:ip、/u:domain\username與/p:passwd:

C:\Windows\system32>wevtutil qe Application  /c:1 /rd:true /f:text /r:10.134.1431 /u:administrator /p:12345
Event[0]:
  Log Name: Application
  Source: SuperMicro Health Assistant
  Date: 2015-05-18T07:11:49.000
  Event ID: 109
  Task: N/A
  Level: Warning
  Opcode: Info
  Keyword: Classic
  User: N/A
  User Name: N/A
  Computer: ssmlab2
  Description:
uuid:94faf3e1-1d3a-421a-b048-7b5ae8203bb3,index:23 total:27,monitored:20,warn:1
2015-05-17 23:11:49 WARNING Power1 exceeds high limit .

首先要將搜尋時間切換成UTC時間。以下面命令為例，要搜尋application種類中，Event建立時間為2015-05-19T00:00:00~2015-05-20T00:00:00間:

wevtutil qe application /f:text /c:1 "/q:*[System[TimeCreated[@SystemTime>='2015-05-19T00:00:00' and @SystemTime<='2015-05-20T00:00:00']]]"

• WEVTUTIL-管理事件檢視器的工具