Hello guys, I am doing a web-based auditing project and I need to retrieve the event settings (max file log size, restrict guest access, log retention method, etc.) via the command prompt. In my situation, I can't access it using the GUI method because I am doing a web-based sort of thing. For the GUI method it would be Computer Management -> System Tools -> Event Viewer. I have tried searching for the command for a few hours but to no avail, so can someone help me out? Thanks a lot in advance!
Without looking into it too hard, I suggest you start with the registry keys under HKLM\SYSTEM\CurrentControlSet\Services\Eventlog
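An added example (not part of the reply above) that reads the per-log settings from the registry path it names. It assumes the classic Eventlog value names MaxSize, Retention and RestrictGuestAccess, any of which may be absent on a given log; the function names are hypothetical.

```powershell
# Added example: audit event log settings from the Eventlog service key.
# Assumed value names: MaxSize (bytes), Retention (seconds), RestrictGuestAccess (0/1).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog'

function ConvertTo-Unsigned($value) {
    # A DWORD can surface as a signed Int32 (0xFFFFFFFF -> -1); normalise it.
    if ($null -eq $value) { return $null }
    $n = [int64]$value
    if ($n -lt 0) { $n += 4294967296 }
    return $n
}

function Get-RetentionText($seconds) {
    if ($null -eq $seconds)      { return 'not set' }
    if ($seconds -eq 0)          { return 'overwrite as needed' }
    if ($seconds -eq 4294967295) { return 'never overwrite' }
    return ('overwrite events older than {0} days' -f [math]::Round($seconds / 86400, 1))
}

function Get-EventLogSetting {
    param([string]$Path = $base)
    # Enumerate subkey names first so one unreadable log does not stop the audit.
    foreach ($name in (Get-Item -Path $Path -ErrorAction Stop).GetSubKeyNames()) {
        try {
            $p = Get-ItemProperty -Path (Join-Path $Path $name) -ErrorAction Stop
        } catch {
            # Report the log as unreadable instead of silently skipping it.
            [pscustomobject]@{ Log = $name; MaxSizeKB = $null
                Retention = 'unreadable (access denied?)'; RestrictGuestAccess = $null }
            continue
        }
        $max   = ConvertTo-Unsigned $p.MaxSize
        $guest = $p.RestrictGuestAccess
        $maxKB = $null
        if ($null -ne $max) { $maxKB = [math]::Round($max / 1KB) }
        $guestText = 'not set'
        if ($null -ne $guest) { $guestText = if ($guest -eq 1) { 'yes' } else { 'no' } }
        [pscustomobject]@{
            Log                 = $name
            MaxSizeKB           = $maxKB
            Retention           = Get-RetentionText (ConvertTo-Unsigned $p.Retention)
            RestrictGuestAccess = $guestText
        }
    }
}

Get-EventLogSetting | Format-Table -AutoSize
```

Saved as a .ps1 file, it can be started from the command prompt with powershell.exe -File.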
If you have access to WMIC, this will return some of what you are looking for:
WMIC NtEventLog GET /format:list
Use GET <field1>, <field2>, etc. to target the information you want, such as:
WMIC NtEventLog GET LogFileName, MaxFileSize, OverWritePolicy /format:list
When your only tool is a hammer, every problem looks like a nail.
Be warned: If this script will be run by people who are not administrators, then WMIC will fail.
I got it, thanks guys for the help!