Windows command eventcreate command

Share on facebook
Share on google
Share on twitter
Share on linkedin

eventcreate

Download eventcreate2 1.0.0

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/eventcreate

https://computerthang.com/p/intel-xeon-e5-2650l-8-core-rx560-gtx960-4g-16g-ram-240g-ssd/

Enables an administrator to create a custom event in a specified event log.

 Important

Custom events can’t be written to the security log.

Syntax

eventcreate [/s <computer> [/u <domain\user> [/p <password>]] {[/l {APPLICATION|SYSTEM}]|[/so <srcname>]} /t {ERROR|WARNING|INFORMATION|SUCCESSAUDIT|FAILUREAUDIT} /id <eventID> /d <description>

Parameters

PARAMETERS
Parameter Description
/s <computer> The name or IP address of a remote computer (do not use backslashes). The default is the local computer.
/u <domain\user> Runs the command with the account permissions of the user specified by <user> or <domain\user>. The default is the permissions of the current logged on user on the computer issuing the command.
/p <password> The password of the user account that is specified in the /u parameter.
/l {APPLICATION | SYSTEM} The name of the event log where the event will be created.   The valid log names are APPLICATION or SYSTEM.
/so <srcname> The source to use for the event. A valid source can be any string.  The string should represent the application or component that is generating the event.
/t {ERROR | WARNING | INFORMATION | SUCCESSAUDIT | FAILUREAUDIT} The type of event to create. The valid types are ERRORWARNINGINFORMATIONSUCCESSAUDIT, and FAILUREAUDIT.
/id <eventID> The event ID for the event. A valid ID is any number from 1 to 1000.
/d <description>T The description to use for the newly created event.
/? Displays help at the command prompt.

Examples

The following examples show how you can use the eventcreate command:

eventcreate /t ERROR /id 100 /l application /d "Create event in application log"
eventcreate /t INFORMATION /id 1000 /d "Create event in WinMgmt source"
eventcreate /t ERROR /id 201 /so winword /l application /d "New src Winword in application log"
eventcreate /s server /t ERROR /id 100 /l application /d "Remote machine without user credentials"
eventcreate /s server /u user /p password /id 100 /t ERROR /l application /d "Remote machine with user credentials"
eventcreate /s server1 /s server2 /u user /p password /id 100 /t ERROR /d "Creating events on Multiple remote machines"
eventcreate /s server /u user /id 100 /t WARNING /d "Remote machine with partial user credentials"