Version 1.0.1.0, 2022-08-20 by Markus Scholtes
C# command line tool to query the events of all event logs ordered by time and export to text or csv file.
New in V1.0.1.0: Omit Security log and events of log level LogAlways per default for overview reasons
Download binaries from the Script Center web page GetAllEvents: Query all events from all event logs or compile yourself...
Compile with Compile.bat (no visual studio needed, but .Net 4.0).
GetAllEventsCLI.cs is a version without graphical (WPF) support because on systems without Desktop Experience installed the "WPF version" crashes.
There is a .Net 3.5 version in folder Net3.5 that lacks grid view and credential support (obviously needs .Net 3.5 to compile and run).
C# command line tool to query the events of all event logs ordered by time in text or csv format.
Security log and events of level LogAlways are omitted per default.
A remote computer can be accessed.
(/ can be used instead of the leading -, = can be used instead of the value introducing :)
-logname:<LOGNAMES> comma separated list of event log names.
Queries all event logs if omitted (can be abbreviated as -log or -l or can be omitted).
-security include Security log (can be abbreviated as -sec).
-level:<LEVEL> queries up to level <LEVEL>. Queries all events if omitted.
Level: Critical - 1, Error - 2, Warning - 3, Informational - 4, Verbose - 5
-logalways include events of level LogAlways (level 0).
-starttime:<STARTTIME> start time of events to query (can be abbreviated as -start or -s).
Default is end time minus one hour.
-endtime:<ENDTIME> end time of events to query (can be abbreviated as -end or -e).
Default is now.
-computername:<COMPUTER> name of computer to query (can be abbreviated as -computer or -c).
Default is the local system.
-domainname:<DOMAIN> name of windows domain to logon (can be abbreviated as -domain or -d). Default is to pass through current credentials.
-username:<USER> name of windows user to logon (can be abbreviated as -user or -u). Default is to pass through current credentials.
-password:<PASSWORD> password of windows user to logon (can be abbreviated as -pass or -p). Default is to pass through current credentials.
-filename:<FILENAME> name of the file in which the results are output (can be abbreviated as -file or -f).
Default is output to the console.
-csv output format "comma separated" instead of output format text.
-grid output to GridView instead of console (can be abbreviated as -g).
-quiet shows only error messages and results (can be abbreviated as -q).
-? or -help shows help (can be abbreviated as -h).
GetAllEvents.exe -start:10:00 -end:11:00
GetAllEvents.exe -start:10:00 -end:11:00 /Grid
GetAllEvents.exe System,Setup,Application -Computer=REMOTESYSTEM
GetAllEvents.exe /logname=Application /level:2 /q /CSV /file:OnlyErrors.csv
GetAllEvents.exe "/starttime:2019/11/29 10:00" "/endtime:2019/11/29 11:00"
GetAllEvents.exe "/s=2019/12/08 10:09:49.450" "/e=2019/12/08 10:09:49.850"
GetAllEvents.exe /log=Security -Computer=REMOTE /D:DOM /U:Admin /P=NoP@ss
Omit Security log and events of log level LogAlways per default for overview reasons
Display of results in Grid view (WPF)
Remote system access with credentials
Initial release