Network Administration: EventCreate Command

The Windows EventCreate command lets you create an event that’s added to one of the Windows event logs. This can be useful if you want to make a note of something unusual that’s happened. It’s often used in batch files to mark the start or completion of a task such as a nightly backup.

Here’s the basic syntax:

eventcreate [options]
eventcreate /T type /D "description" /ID eventide        
   [/L logname] [/SO sourcename]
   [/S system [/U username [/P password]]]

Here’s a description of the options:

  • /T: Specifies the type. The options are Information, Warning, or Error.

  • /D: Provides a descriptive message that’s saved in the log. Use quotes if the message contains more than one word.

  • /ID: A number from 1 to 1000.

  • /L: The name of the log to write the event to. The default is Application.

  • /SO: A string that represents the source of the event. The default is EventCreate. If you specify this option, you must also specify the /L option.

  • /S: The name of the system on which the event should be recorded.

  • /U: The user account to use when logging the event. You can specify this option only if you also specify /S.

  • /P: The password. You can specify this option only if you also specify /U.

Here’s an example that writes an informational message to the Application log:

eventcreate /t information /id 100 /d "Nightly processing completed" /L Application /SO Nightly