/bu:Filename (backup) Creates a backup of the log before clearing it. You must specify
a backup filename with an EVTX extension. (Don??™t use the EVT extension used with previous
version of Windows because the file formats aren??™t compatible.)
Most of the commands use common options. The options are in addition to the special options
discussed as part of the commands. The following list describes each of the options.
NOTE There are some differences between the WEvtUtil options and the options used by other
utilities, even though many of them perform the same function. For example, the familiar /S
command line switch (for remote system) is now the /r command line switch. Be careful when
making assumptions about the options for this utility.
/r:System (remote) Specifies a remote system. You can use any connected system to store
the event log entries. Some administrators send event log entries to a central location to ensure
someone sees them. The remote system must allow the required access.
/u:[domain\]user (username) Defines the user context for executing the command. The
user context is important because not every user has access to the event log.
Pages:
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078