eventcreate: This command line tool enables an administrator to create a custom event ID and message in a specified event log.
The command: "eventcreate" is on Windows 11, 10, .. available
The examples for the command "eventcreate"
Here are some examples of the `EVENTCREATE`
command in the Windows Command Prompt with explanatory comments:
Example 1: Create a simple event:
EVENTCREATE /T INFORMATION /ID 100 /L APPLICATION /D "This is a simple informational message."
This command creates a simple informational event with event ID 100 in the application log. The message says "This is a simple informational message."
Example 2: Create a warning with attribution:
EVENTCREATE /T WARNING /ID 200 /L APPLICATION /SO "MyApplication" /D "Warning: Critical condition reached."
An alert with event ID 200 is created here. The event source is set to "MyApplication"
and the message is "Warning: Critical condition reached."
Example 3: Create error event with specific date and time:
EVENTCREATE /T ERROR /ID 300 /L APPLICATION /D "Error starting service." /K /R "12/31/2023 08:00"
This example creates an error event with event ID 300. The message says "Error starting service."
options allow to set a specific date (December 31, 2023) and time (08:00).
Example 4: Create event with custom log:
EVENTCREATE /T INFORMATION /ID 400 /L "MyLog" /D "Custom log event."
Here an informational event with event ID 400 is created in a custom log called MyLog.
Example 5: Interactive message prompt:
SET /P MESSAGE=Please enter an event message:
EVENTCREATE /T INFORMATION /ID 500 /L APPLICATION /D "%MESSAGE%"
This example shows how you can use an interactive prompt to enter a message, and then an information event is created with the entered message.
Please note that administrative privileges may be required to run `EVENTCREATE`
and the available options may vary depending on the version of Windows. For more detailed information, I recommend using the command's help option (`/?`
) or consulting the official Microsoft documentation.
"eventcreate" Excerpt from Microsoft Windows Help
Microsoft Windows [Version 10.0.19045.3693]
(c) Copyright 1985-2023 Microsoft Corp.
EVENTCREATE [/S system [/U username [/P [password]]]] /ID eventid
[/L logname] [/SO srcname] /T type /D description
This command line tool enables an administrator to create
a custom event ID and message in a specified event log.
/S system Specifies the remote system to connect to.
/U [domain\]user Specifies the user context under which
the command should execute.
/P [password] Specifies the password for the given
user context. Prompts for input if omitted.
/L logname Specifies the event log to create
an event in.
/T type Specifies the type of event to create.
Valid types: ERROR, WARNING, INFORMATION.
/SO source Specifies the source to use for the
event. A valid source can be any string
and should represent the application or
component that is generating the event.
/ID id Specifies the event ID for the event. A
valid custom message ID is in the range
of 1 - 1000.
/D description Specifies the description to be set for
the newly creating event.
/? Displays this help/usage.
EVENTCREATE /T ERROR /ID 100
/L APPLICATION /D "Create an event in application log"
EVENTCREATE /T ERROR /ID 999 /L APPLICATION
/SO WinWord /D "new source Winword in application log"
EVENTCREATE /S system /T ERROR /ID 100
/L APPLICATION /D "Remote system without user credentials"
EVENTCREATE /S system /U user /P password /ID 100 /T ERROR
/L APPLICATION /D "Remote machine with user credentials"
EVENTCREATE /S system /U domain\user /ID 100 /T WARNING
/SO MyBatchFile.cmd /D "Maintenance script user logon failed"
Important information, tips for the "eventcreate" command
There are a few important points to note when dealing with the `EVENTCREATE` command in the Windows Command Prompt:
1. Administrative Privileges:
Creating events typically requires administrative permissions. Make sure you open Command Prompt with administrator privileges.
2. Set source name (`/SO`) correctly:
When creating events, you should ensure that the source name (`/SO`) is correct and unique. This name appears in the log and is used to identify the source of the event.
3. Note protocol name (`/L`):
Carefully select the protocol (`/L`) in which to create the event. The most common protocols are "APPLICATION" and "SYSTEM", but custom protocols can also be created.
4. Select event type (`/T`):
Select the correct event type (`/T`) based on the type of event. Available types include ERROR, WARNING, INFORMATION, and SUCCESSAUDIT/FAILUREAUDIT.
5. Unique Event ID (`/ID`):
The event ID (`/ID`) should be unique for each event. It is used to distinguish different events within the protocol.
6. Use optional parameters:
`EVENTCREATE` provides various optional parameters such as `/D` (message), `/K` (label), `/R` (date and time). Understand how to use these options to customize event creation.
7. Include date and time in correct format:
If you use the `/K` and `/R` options, make sure you specify the date and time in the correct format to avoid errors.
8. Checking Event Logs:
After creating events, check the event logs (Event Viewer) on your system to ensure that the events appear as expected.
9. Use in scripts or automation:
`EVENTCREATE` can be used in scripts or automation tasks. Consider the possible usage scenarios when using it in automated processes.
10. Windows version check:
Note that the availability and supported options of `EVENTCREATE` may vary depending on the version of Windows. Check the documentation for your specific version of Windows.
11. Note security and data protection:
Events can contain sensitive information. To comply with security and privacy policies, be careful not to store sensitive information in the events.
It is recommended to consult the official Microsoft documentation on `EVENTCREATE` and, if necessary, use the help option (`/?`) of the command for detailed information and usage examples.