Eventcreate

 

Applies To: Windows Server 2008, Windows Server 2012, Windows 8

Enables an administrator to create a custom event in a specified event log. For examples of how to use this command, see Examples.

Syntax

eventcreate [/s <Computer> [/u <Domain\User> [/p <Password>]] {[/l {APPLICATION|SYSTEM}]|[/so <SrcName>]} /t {ERROR|WARNING|INFORMATION|SUCCESSAUDIT|FAILUREAUDIT} /id <EventID> /d <Description>

Parameters

Parameter

Description

/s <Computer>

Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.

/u <Domain\User> 

Runs the command with the account permissions of the user specified by <User> or <Domain\User>. The default is the permissions of the current logged on user on the computer issuing the command.

/p <Password> 

Specifies the password of the user account that is specified in the /u parameter.

/l {APPLICATION|SYSTEM}

Specifies the name of the event log where the event will be created. The valid log names are APPLICATION and SYSTEM.

/so <SrcName> 

Specifies the source to use for the event. A valid source can be any string and should represent the application or component that is generating the event.

/t {ERROR|WARNING|INFORMATION|

SUCCESSAUDIT|FAILUREAUDIT}

Specifies the type of event to create. The valid types are ERROR, WARNING, INFORMATION, SUCCESSAUDIT, and FAILUREAUDIT.

/id <EventID> 

Specifies the event ID for the event. A valid ID is any number from 1 to 1000.

/d <Description>

Specifies the description to use for the newly created event.

/?

Displays help at the command prompt.

Remarks

  • Custom events cannot be written to the security log.

Examples

The following examples show how you can use the eventcreate command:

eventcreate /t error /id 100 /l application /d "Create event in application log"
eventcreate /t information /id 1000 /so winmgmt /d "Create event in WinMgmt source"
eventcreate /t error /id 2001 /so winword /l application /d "new src Winword in application log"
eventcreate /s server /t error /id 100 /l application /d "Remote machine without user credentials"
eventcreate /s server /u user /p password /id 100 /t error /l application /d "Remote machine with user credentials"
eventcreate /s server1 /s server2 /u user /p password /id 100 /t error /so winmgmt /d "Creating events on Multiple remote machines"
eventcreate /s server /u user /id 100 /t warning /so winmgmt /d "Remote machine with partial user credentials"

Additional References

Command-Line Syntax Key