Event Viewer Logging

I recently noticed some changes in performance after enabling all logs in Event Viewer. Is there any way possible I can get a list of the enable/disable default and customized settings for all of the logs in Event Viewer?

Hello Wyatt, if I understand your question, The technet wiki shows you how to retreive a list of all windows 7 event logs

and use the Windows Events Command Line Utility ( WEVTUTIL.exe ) from cmd prompt to interrogate each log customisation.
.

Is there a way to get a list like this that reflects whether the files are enabled or disabled?

How may I export it as a text file?

I can get something like what you want with creating a batch file. The batch file can be created with notepad and saved to your computer, in the usual way.

The batch file assumes some D:\ drive that the user has access rights. The batch file basically outputs a list of event logs to D:\logfile.txt and then for each event log, outputs the configuration information to another list called D:\WEVLIST.TXT. The results you are looking for are in WEVLIST.TXT.

Here is the batch file (version 1.0):

Code:

 
WEVTUTIL EL > D:\LOGLIST.TXT
for /f %%A in ( D:\LOGLIST.TXT ) do WEVTUTIL GL %%A >> D:\WEVLIST.TXT

iko22 said:

I can get something like what you want with creating a batch file. The batch file can be created with notepad and saved to your computer, in the usual way.

The batch file assumes some D:\ drive that the user has access rights. The batch file basically outputs a list of event logs to D:\logfile.txt and then for each event log, outputs the configuration information to another list called D:\WEVLIST.TXT. The results you are looking for are in WEVLIST.TXT.

Here is the batch file (version 1.0):

Code:

 
WEVTUTIL EL > D:\LOGLIST.TXT
for /f %%A in ( D:\LOGLIST.TXT ) do WEVTUTIL GL %%A >> D:\WEVLIST.TXT

What am I doing wrong? I used Windows Powershell and it returned the following...

Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Users\Wyatt> WEVTUTIL EL > D:\LOGLIST.TXT
The device is not ready.
At line:1 char:14
+ WEVTUTIL EL > <<<< D:\LOGLIST.TXT
+ CategoryInfo : OpenError: (:) [], IOException
+ FullyQualifiedErrorId : FileOpenFailure

PS C:\Users\Wyatt> for /f %%A in ( D:\LOGLIST.TXT ) do WEVTUTIL GL %%A >> D:\WEVLIST.TXT
Missing opening '(' after keyword 'for'.
At line:1 char:5
+ for <<<< /f %%A in ( D:\LOGLIST.TXT ) do WEVTUTIL GL %%A >> D:\WEVLIST.TXT
+ CategoryInfo : ParserError: (OpenParenToken:TokenId) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MissingOpenParenthesisAfterKeyword

PS C:\Users\Wyatt>

Change the destination path.

Where "D:" occurs in batch file, substitute for a valid pathname or use "C:\Users\Wyatt\Desktop".

iko22 said:

I can get something like what you want with creating a batch file. The batch file can be created with notepad and saved to your computer, in the usual way.

The batch file assumes some D:\ drive that the user has access rights. The batch file basically outputs a list of event logs to D:\logfile.txt and then for each event log, outputs the configuration information to another list called D:\WEVLIST.TXT. The results you are looking for are in WEVLIST.TXT.

Here is the batch file (version 1.0):

Code:

 
WEVTUTIL EL > D:\LOGLIST.TXT
for /f %%A in ( D:\LOGLIST.TXT ) do WEVTUTIL GL %%A >> D:\WEVLIST.TXT

Entering only the first line I get an export listing only the Event Viewer log names.

Entering the second line I get this...