I'm trying to extract event logs on a Windows 10 (64-bit) machine.
The approach is to create a bookmark file of the event log using wevtutil and then extract the events registered in the event log from that bookmark.
Partial code excerpt:
# Use the previous bookmark file (eventbm.xml) and extract the differences from it
wevtutil qe "Application" /f:xml /bm:"C:\eventbm.xml" /sbm:"C:\newevtbm.xml" /rd:false /e:root /sq:true >> "C:\evtOutput.xml"
However, at some point, the following error message was displayed and the event log could not be extracted.
Failed to search for the event in the specified bookmark.
The XML text specified was not well-formed. See Extended Error for more information.
I checked the generated eventbm.xml and it does not seem to have a problem.
<BookmarkList>
  <Bookmark Channel='Application' RecordId='100004' IsCurrent='true'/>
</BookmarkList>
I tried changing the value of RecordId from "100004", and I found that the event log extraction failed at 100000.
Could you please tell me if you know how to prevent this, or of any alternatives?
Thanking you in advance.
To be implemented using the applications that come standard with Windows 10.
Use bat or vbs as needed.
Answer #1
I tried to extract the event log during the period by referring to the following article.
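One alternative that does not depend on a bookmark file, shown as an added example that is not code from the question or the answer: keep the last exported EventRecordID in a small state file and query for newer records with an XPath filter. It uses Get-WinEvent (standard on Windows 10) rather than wevtutil; the state-file path C:\evt_last_record.txt is an assumption, and the page does not establish whether this avoids the error reported above.

```powershell
# Added example: incremental export keyed on EventRecordID instead of a bookmark file.
# $StateFile is a hypothetical path chosen for illustration; $OutFile matches the question.
$Channel   = 'Application'
$StateFile = 'C:\evt_last_record.txt'   # holds the last exported EventRecordID
$OutFile   = 'C:\evtOutput.xml'

# Read the last exported record ID. Start from 0 on the first run,
# or when the state file is empty or does not contain a number.
[uint64]$last = 0
if (Test-Path -LiteralPath $StateFile) {
    $raw = Get-Content -LiteralPath $StateFile -TotalCount 1
    if (-not [uint64]::TryParse($raw, [ref]$last)) { $last = 0 }
}

# XPath filter: only records newer than the last one exported.
$xpath = "*[System[EventRecordID > $last]]"

try {
    # -Oldest returns events in ascending order, like /rd:false in wevtutil.
    $events = Get-WinEvent -LogName $Channel -FilterXPath $xpath -Oldest -ErrorAction Stop
} catch {
    # Get-WinEvent reports an error when no event matches; treat that as "nothing new".
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
    else { throw }
}

foreach ($e in $events) {
    # Append each event as XML and remember its record ID.
    Add-Content -LiteralPath $OutFile -Value $e.ToXml() -Encoding UTF8
    $last = [uint64]$e.RecordId
}

# Persist the position only after the events have been written.
Set-Content -LiteralPath $StateFile -Value $last
```

The output file receives one `<Event>` element per line without a surrounding root element, so wrap the content if a single well-formed XML document is required.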