logparser "SELECT * FROM Application.evt"
Task aborted.
Cannot open <from-entity>: Error opening event log "\\?\C:\Application.evt": The event log file is corrupted.
Task aborted.
Cannot open <from-entity>: Error opening event log "\\?\C:\Application.evt": The event log file is corrupted.
Statistics:
-----------
Elements processed: 0
Elements output: 0
Execution time: 0.61 seconds
-----------
Elements processed: 0
Elements output: 0
Execution time: 0.61 seconds
Solution:
wevtutil epl application.evt application.evtx /lf:true
wevtutil [{el | enum-logs}] [{gl | get-log} <Logname> [/f:<Format>]]
[{sl | set-log} <Logname> [/e:<Enabled>] [/i:<Isolation>] [/lfn:<Logpath>] [/rt:<Retention>] [/ab:<Auto>] [/ms:<Size>] [/l:<Level>] [/k:<Keywords>] [/ca:<Channel>] [/c:<Config>]]
[{ep | enum-publishers}]
[{gp | get-publisher} <Publishername> [/ge:<Metadata>] [/gm:<Message>] [/f:<Format>]] [{im | install-manifest} <Manifest>]
[{um | uninstall-manifest} <Manifest>] [{qe | query-events} <Path> [/lf:<Logfile>] [/sq:<Structquery>] [/q:<Query>] [/bm:<Bookmark>] [/sbm:<Savebm>] [/rd:<Direction>] [/f:<Format>] [/l:<Locale>] [/c:<Count>] [/e:<Element>]]
[{gli | get-loginfo} <Logname> [/lf:<Logfile>]]
[{epl | export-log} <Path> <Exportfile> [/lf:<Logfile>] [/sq:<Structquery>] [/q:<Query>] [/ow:<Overwrite>]]
[{al | archive-log} <Logpath> [/l:<Locale>]]
[{cl | clear-log} <Logname> [/bu:<Backup>]] [/r:<Remote>] [/u:<Username>] [/p:<Password>] [/a:<Auth>] [/uni:<Unicode>]
Event Collector is managed with a command-line tool, Windows Event Collector Utility (Wecutil.exe).
沒有留言:
張貼留言