none
logevent.exe is missing RRS feed

  • Question

  • Hi,

    I'm trying to log a new logevent based on 

    http://support.microsoft.com/?kbid=315410


    however my computer cannot run this command. It doesn't recognize it

    'logevent' is not recognized as an internal or external command,
    operable program or batch file.

    How can I solve this?

     

    I also so the EVENTCREATE command, which my cmd recignize.

    Are these two equivalent?

     

     

    Thursday, April 29, 2010 4:31 PM

Answers

  • This knowledge base article is for Windows 2000, and logevent.exe is is part of the Windows 2000 resource kit. Possibly if you use the logevent.exe from another machine on Windows 7 it may work, but In Windows 7 you should use EVENTCREATE.

    The options for EVENTCREATE are

    EVENTCREATE [/S system [/U username [/P [password]]]] /ID eventid
                [/L logname] [/SO srcname] /T type /D description

    Description:
        This command line tool enables an administrator to create
        a custom event ID and message in a specified event log.

    Parameter List:
        /S    system           Specifies the remote system to connect to.

        /U    [domain\]user    Specifies the user context under which
                               the command should execute.

        /P    [password]       Specifies the password for the given
                               user context. Prompts for input if omitted.

        /L    logname          Specifies the event log to create
                               an event in.

        /T    type             Specifies the type of event to create.
                               Valid types: SUCCESS, ERROR, WARNING, INFORMATION.

        /SO   source           Specifies the source to use for the
                               event (if not specified, source will default
                               to 'eventcreate'). A valid source can be any
                               string and should represent the application
                               or component that is generating the event.

        /ID   id               Specifies the event ID for the event. A
                               valid custom message ID is in the range
                               of 1 - 1000.

        /D    description      Specifies the description text for the new event.

        /?                     Displays this help message.


    Examples:
        EVENTCREATE /T ERROR /ID 1000
            /L APPLICATION /D "My custom error event for the application log"

        EVENTCREATE /T ERROR /ID 999 /L APPLICATION
            /SO WinWord /D "Winword event 999 happened due to low diskspace"

        EVENTCREATE /S system /T ERROR /ID 100
            /L APPLICATION /D "Custom job failed to install"

        EVENTCREATE /S system /U user /P password /ID 1 /T ERROR
            /L APPLICATION /D "User access failed due to invalid user credentials"

    With Windows 7 you can also use wevtutil in Windows 7 for additional event viewer management.

    Windows Events Command Line Utility.

    Enables you to retrieve information about event logs and publishers, install
    and uninstall event manifests, run queries, and export, archive, and clear logs.

    Usage:

    You can use either the short (for example, ep /uni) or long (for example,
    enum-publishers /unicode) version of the command and option names. Commands,
    options and option values are not case-sensitive.

    Variables are noted in all upper-case.

    wevtutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...]

    Commands:

    el | enum-logs          List log names.
    gl | get-log            Get log configuration information.
    sl | set-log            Modify configuration of a log.
    ep | enum-publishers    List event publishers.
    gp | get-publisher      Get publisher configuration information.
    im | install-manifest   Install event publishers and logs from manifest.
    um | uninstall-manifest Uninstall event publishers and logs from manifest.
    qe | query-events       Query events from a log or log file.
    gli | get-log-info      Get log status information.
    epl | export-log        Export a log.
    al | archive-log        Archive an exported log.
    cl | clear-log          Clear a log.

    Common options:

    /{r | remote}:VALUE
    If specified, run the command on a remote computer. VALUE is the remote computer
    name. Options /im and /um do not support remote operations.

    /{u | username}:VALUE
    Specify a different user to log on to the remote computer. VALUE is a user name
    in the form domain\user or user. Only applicable when option /r is specified.

    /{p | password}:VALUE
    Password for the specified user. If not specified, or if VALUE is "*", the user
    will be prompted to enter a password. Only applicable when the /u option is
    specified.

    /{a | authentication}:[Default|Negotiate|Kerberos|NTLM]
    Authentication type for connecting to remote computer. The default is Negotiate.

    /{uni | unicode}:[true|false]
    Display output in Unicode. If true, then output is in Unicode.

    Friday, April 30, 2010 3:11 AM

All replies

  • This knowledge base article is for Windows 2000, and logevent.exe is is part of the Windows 2000 resource kit. Possibly if you use the logevent.exe from another machine on Windows 7 it may work, but In Windows 7 you should use EVENTCREATE.

    The options for EVENTCREATE are

    EVENTCREATE [/S system [/U username [/P [password]]]] /ID eventid
                [/L logname] [/SO srcname] /T type /D description

    Description:
        This command line tool enables an administrator to create
        a custom event ID and message in a specified event log.

    Parameter List:
        /S    system           Specifies the remote system to connect to.

        /U    [domain\]user    Specifies the user context under which
                               the command should execute.

        /P    [password]       Specifies the password for the given
                               user context. Prompts for input if omitted.

        /L    logname          Specifies the event log to create
                               an event in.

        /T    type             Specifies the type of event to create.
                               Valid types: SUCCESS, ERROR, WARNING, INFORMATION.

        /SO   source           Specifies the source to use for the
                               event (if not specified, source will default
                               to 'eventcreate'). A valid source can be any
                               string and should represent the application
                               or component that is generating the event.

        /ID   id               Specifies the event ID for the event. A
                               valid custom message ID is in the range
                               of 1 - 1000.

        /D    description      Specifies the description text for the new event.

        /?                     Displays this help message.


    Examples:
        EVENTCREATE /T ERROR /ID 1000
            /L APPLICATION /D "My custom error event for the application log"

        EVENTCREATE /T ERROR /ID 999 /L APPLICATION
            /SO WinWord /D "Winword event 999 happened due to low diskspace"

        EVENTCREATE /S system /T ERROR /ID 100
            /L APPLICATION /D "Custom job failed to install"

        EVENTCREATE /S system /U user /P password /ID 1 /T ERROR
            /L APPLICATION /D "User access failed due to invalid user credentials"

    With Windows 7 you can also use wevtutil in Windows 7 for additional event viewer management.

    Windows Events Command Line Utility.

    Enables you to retrieve information about event logs and publishers, install
    and uninstall event manifests, run queries, and export, archive, and clear logs.

    Usage:

    You can use either the short (for example, ep /uni) or long (for example,
    enum-publishers /unicode) version of the command and option names. Commands,
    options and option values are not case-sensitive.

    Variables are noted in all upper-case.

    wevtutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...]

    Commands:

    el | enum-logs          List log names.
    gl | get-log            Get log configuration information.
    sl | set-log            Modify configuration of a log.
    ep | enum-publishers    List event publishers.
    gp | get-publisher      Get publisher configuration information.
    im | install-manifest   Install event publishers and logs from manifest.
    um | uninstall-manifest Uninstall event publishers and logs from manifest.
    qe | query-events       Query events from a log or log file.
    gli | get-log-info      Get log status information.
    epl | export-log        Export a log.
    al | archive-log        Archive an exported log.
    cl | clear-log          Clear a log.

    Common options:

    /{r | remote}:VALUE
    If specified, run the command on a remote computer. VALUE is the remote computer
    name. Options /im and /um do not support remote operations.

    /{u | username}:VALUE
    Specify a different user to log on to the remote computer. VALUE is a user name
    in the form domain\user or user. Only applicable when option /r is specified.

    /{p | password}:VALUE
    Password for the specified user. If not specified, or if VALUE is "*", the user
    will be prompted to enter a password. Only applicable when the /u option is
    specified.

    /{a | authentication}:[Default|Negotiate|Kerberos|NTLM]
    Authentication type for connecting to remote computer. The default is Negotiate.

    /{uni | unicode}:[true|false]
    Display output in Unicode. If true, then output is in Unicode.

    Friday, April 30, 2010 3:11 AM
  • I'm trying to use eventcreate to log an event on a remote computer.  I have 2 computers on a home network running Win 7 and Vista.  Eventcreate works when run locally as administrator,  but consistently gives "ERROR: The network path was not found." if I try to log an event on the other computer by specifying the IP address, username, and password for my (administrator) account on the other machine.  Pinging the other computer with this IP address works fine. 

    C:>eventcreate /s 192.168.1.4 u/MyAccountName /p MyPassword /l application ... (& other parameters, which work fine when run locally)

    The ultimate goal is to log an event from a physically remote location via the internet.  What am I doing wrong?

    Monday, October 22, 2012 4:24 AM
  • Hi,

    I wish to create a custom event of id above 1000.so that I have to use logevent but it is showing like

    'logEvent' is not recognized as an internal or external command,
    operable program or batch file.

    Thanks 

    Shivraj

    Saturday, December 14, 2019 7:14 AM