Windows Event Collector Utility.
Create and manage subscriptions to events forwarded from remote event sources that support WS-Management protocol.
Syntax
WECUTIL command [Argument [Argument] ...] [/Option:VALUE [/Option:VALUE] ...]
Key
List all existent remote event subscriptions:
es (enum-subscription)
Get subscription configuration:
gs (get-subscription) SUBSCRIPTION_ID [/Option:VALUE [/Option:VALUE] ...]
/f:VALUE
/format:VALUE
VALUE can be XML or Terse name-value pairs(default).
/u:VALUE
/unicode:VALUE
Display output in unicode (UTF-16).
VALUE can be true or false. If VALUE is true then output is in Unicode.
Get subscription runtime status:
gr (get-subscriptionruntimestatus) SUBSCRIPTION_ID [EVENT_SOURCE [EVENT_SOURCE] ...]
where EVENT_SOURCE identifies a machine serving as a source of events
Set subscription configuration:
ss (set-subscription) SUBSCRIPTION_ID [/Option:VALUE [/Option:VALUE] ...]
ss (set-subscription) /c:CONFIG_FILE [/cus:Username [/cup:Password] ...]
Create new subscription:
cs (create-subscription) CONFIGURATION_FILE [/Option:VALUE [/Option:VALUE] ...]
Delete subscription:
ds (delete-subscription) SUBSCRIPTION_ID
Retry subscription:
rs (retry-subscription) SUBSCRIPTION_ID [EVENT_SOURCE [EVENT_SOURCE] ...]
Configure Windows Event Collector service:
qc (quick-config) /quiet:{true|false}
/help | ? Help for the wecutil program.
For a full list of subscriptions/options for specific commands:
wecutil COMMAND -?
You can use either the short or long (shown in parentheses) version of each command name.
Display configuration information for a subscription named sub1:
C:\> wecutil.exe gs sub1
Display the runtime status of a subscription named sub1:
C:\> wecutil gr sub1
Create a subscription to forward events using an XML configuration file:
C:\> wecutil cs subscription.xml
Delete a subscription named sub1:
C:\> wecutil ds sub1
“The two offices of memory are collection and distribution” ~ Samuel Johnson
EVENTCREATE - Add a message to the Windows event log.
PsLogList - Event log records.