Skip to content

Instantly share code, notes, and snippets.

@thanhkaiba

thanhkaiba/enable_event_viewer_command_line.md

Last active September 27, 2022 15:19
Show Gist options
  • Save thanhkaiba/79348a249e9998e254982ae378eebd4d to your computer and use it in GitHub Desktop.
Save thanhkaiba/79348a249e9998e254982ae378eebd4d to your computer and use it in GitHub Desktop.
Download ZIP
Enabling or Disabling a given Event Viewer Channel using Command Line
Raw
enable_event_viewer_command_line.md

Windows provides many hidden gems to troubleshoot issues. Among them are the advanced ETW channels exposed in the Windows Event viewer.

To enable this logging:

Use UI:

Go to: Event Viewer > Applications and Service Logs > Microsoft > Windows > <logname> Right click and choose Enable log. If the logging is already enabled, then you may see Disable Log in place of Enable Log.

Use Command Line

If you don’t want to do it using the UI - you can always use wevtutil command to achieve the same thing.

  1. wevtutil el – lists all the event channels.
  2. wevtutil sl <logname> /e:true – enables the event channel wevtutil.
  3. sl <logname> /e:false – disables the event channel.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment