EXPORTING LOGS

PS C:\> wevtutil
 Commands:
 el | enum-logs          List log names.
 gl | get-log            Get log configuration information.
 sl | set-log            Modify configuration of a log.
 ep | enum-publishers    List event publishers. 
 gp | get-publisher      Get publisher configuration information.
 im | install-manifest   Install event publishers and logs from manifest. 
 um | uninstall-manifest Uninstall event publishers and logs from manifest.
 qe | query-events       Query events from a log or log file.
 gli | get-log-info      Get log status information.
 epl | export-log        Export a log. 
 al | archive-log        Archive an exported log. 
 cl | clear-log          Clear a log.
 
PS C:\> wevtutil el
 ...
 
PS C:\> wevtutil epl "Microsoft-Windows-Sysmon/Operational" "C:\Logs\Sysmon-Operational.evtx"

 * Microsoft-Windows-Sysmon/Operational is the source
 * Sysmon-Operational is the destination
PreviousWINDOWS EVENT LOGS NextOSQUERY
Last updated 5 days ago