Event management on Server 2008 with the wevtutil command

The wevtutil command is one of the new features that ships with Server 2008. After installation, Event Viewer already presents a better-organized layout, and events can be displayed with whatever filter combinations we want. The other addition in this area is a command: with wevtutil we can manage the events on Server 2008 from the command line.

What do we mean by "manage"? For example, the command lets us back up the events in a particular category, and we can turn that into a .bat file. We can also get information about the relevant events from the command line. The command's parameters are listed below.

Parameter
    Description

{el | enum-logs}
    Displays the names of all logs, including all of the new Windows logs with their syntax.

{gl | get-log} <Logname> [/f:<Format>]
    Allows you to specify a log, which will then display the status of the log. The status and information will include whether the log is enabled/disabled, sizing limits of the log, and the path to where the log is stored.

{sl | set-log} <Logname> [/e:<Enabled>] [/i:<Isolation>] [/lfn:<Logpath>] [/rt:<Retention>] [/ab:<Auto>] [/ms:<Size>] [/l:<Level>] [/k:<Keywords>] [/ca:<Channel>] [/c:<Config>]
    Allows you to modify the detailed configurations of the log that you specify.

{ep | enum-publishers}
    Displays the event publishers on the local computer. The event publishers are software components that can generate events and then deliver them to the Event Viewer.

{gp | get-publisher} <Publishername> [/ge:<Metadata>] [/gm:<Message>] [/f:<Format>]
    Allows you to specify the event publisher, which will then display the configuration information for that publisher.

{qe | query-events} <Path> [/lf:<Logfile>] [/sq:<Structquery>] [/q:<Query>] [/bm:<Bookmark>] [/sbm:<Savebm>] [/rd:<Direction>] [/f:<Format>] [/l:<Locale>] [/c:<Count>] [/e:<Element>]
    Allows you to obtain the events for a specified log. The source can be a log from Event Viewer, a log file, or a structured query. In most cases you will just type the log name for the <Path>. If you use the /lf option, then you will need to input the path to the log file that you want to read. To use a structured query, you must use the /sq parameter along with the path to the structured query.

{gli | get-loginfo} <Logname> [/lf:<Logfile>]
    Allows you to gather information about the event log or log file. This is good to see overall information for the log.

{epl | export-log} <Path> <Exportfile> [/lf:<Logfile>] [/sq:<Structquery>] [/q:<Query>] [/ow:<Overwrite>]
    Allows you to export events to a file. You can export from a log in Event Viewer, a log file or using a structured query. In most cases you will just type the log name for the <Path>. If you use the /lf option, then you will need to input the path to the log file that you want to read. To use a structured query, you must use the /sq parameter along with the path to the structured query. The <Exportfile> is the path to the file where you want the exported events to be stored.

{al | archive-log} <Logpath> [/l:<Locale>]
    Allows you to archive the log that you specify. The archive location will be a subdirectory with all of the information stored in the subdirectory.

{cl | clear-log} <Logname> [/bu:<Backup>]
    Allows you to clear the events from the log that you specify. If you want to perform a backup of the cleared events, you can use the /bu option.
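The backup task mentioned above, written as a scheduled-job script: an added example, not part of the original post, shown in PowerShell rather than a .bat file so the date stamp is locale-independent. The destination folder, the log list and the XPath filter are assumptions chosen for illustration; it uses only the epl and gli parameters described in the table and must run elevated to read the Security log.

```powershell
# Added example: date-stamped event log backup using wevtutil epl / gli.
# $BackupRoot, $Logs and $Query are assumptions; adjust them to your environment.
$BackupRoot = 'D:\EventLogBackup'                    # hypothetical destination
$Logs       = 'Application', 'System', 'Security'
# Constructed filter: keep only Critical (1), Error (2) and Warning (3) events.
$Query      = '*[System[(Level=1 or Level=2 or Level=3)]]'

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$target = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $target -Force | Out-Null

$failed = @()
foreach ($log in $Logs) {
    # Channel names can contain '/', which is not valid in a file name.
    $file = Join-Path $target ('{0}.evtx' -f ($log -replace '[\\/]', '-'))

    if ($log -eq 'Security') {
        # Keep the Security log complete: audit events are informational
        # level and a severity filter would drop them.
        & wevtutil epl $log $file /ow:true
    } else {
        # /q: applies the XPath filter; the whole argument is one string.
        & wevtutil epl $log $file "/q:$Query" /ow:true
    }
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of '$log' failed (exit code $LASTEXITCODE)."
        $failed += $log
        continue
    }

    # Verify the export: gli with /lf:true reads the exported file instead
    # of a live log and prints its size and record count.
    Write-Output "--- $file"
    & wevtutil gli $file /lf:true
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Exported file for '$log' could not be read back."
        $failed += $log
    }
}

if ($failed.Count -gt 0) {
    Write-Error ("Backup incomplete for: {0}" -f ($failed -join ', '))
    exit 1
}
Write-Output "Backup written to $target"
```

A non-zero exit code lets Task Scheduler or a monitoring agent flag a failed backup.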
