From 8eb988820000ef18cc23e42fe3e7db3d8fb4f8ba Mon Sep 17 00:00:00 2001 From: Kyle Sabo Date: Fri, 24 Apr 2026 13:13:24 -0700 Subject: [PATCH 1/2] add symlink warning --- WindowsServerDocs/administration/windows-commands/wevtutil.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/WindowsServerDocs/administration/windows-commands/wevtutil.md b/WindowsServerDocs/administration/windows-commands/wevtutil.md index a7464023d6..4c0305f250 100644 --- a/WindowsServerDocs/administration/windows-commands/wevtutil.md +++ b/WindowsServerDocs/administration/windows-commands/wevtutil.md @@ -40,7 +40,7 @@ wevtutil [{el | enum-logs}] [{gl | get-log} [/f:]] |{qe \| query-events} \ [/lf:\] [/sq:\] [/q:\] [/bm:\] [/sbm:\] [/rd:\] [/f:\] [/l:\] [/c:\] [/e:\]|Reads events from an event log, from a log file, or using a structured query. By default, you provide a log name for \. However, if you use the **/lf** option, then \ must be a path to a log file. If you use the **/sq** parameter, \ must be a path to a file that contains a structured query.| |{gli \| get-loginfo} \ [/lf:\]|Displays status information about an event log or log file. If the **/lf** option is used, \ is a path to a log file. You can run **wevtutil el** to obtain a list of log names.| |{epl \| export-log} \ \ [/lf:\] [/sq:\] [/q:\] [/ow:\]|Exports events from an event log, from a log file, or using a structured query to the specified file. By default, you provide a log name for \. However, if you use the **/lf** option, then \ must be a path to a log file. If you use the **/sq** option, \ must be a path to a file that contains a structured query. \ is a path to the file where the exported events will be stored.| -|{al \| archive-log} \ [/l:\]|Archives the specified log file in a self-contained format. A subdirectory with the name of the locale is created and all locale-specific information is saved in that subdirectory. After the directory and log file are created by running **wevtutil al**, events in the file can be read whether the publisher is installed or not.| +|{al \| archive-log} \ [/l:\]|Archives the specified log file in a self-contained format. A subdirectory with the name of the locale is created and all locale-specific information is saved in that subdirectory. After the directory and log file are created by running **wevtutil al**, events in the file can be read whether the publisher is installed or not.**Note** Files in the locale-specific subdirectory will be overwritten. Make sure the location is trusted and does not contain untrusted symlinks or junctions to critical files. | |{cl \| clear-log} \ [/bu:\]|Clears events from the specified event log. The **/bu** option can be used to back up the cleared events.| ## Options From f63a32eabeedff30c334ffce759b59517e590176 Mon Sep 17 00:00:00 2001 From: Kyle Sabo Date: Fri, 24 Apr 2026 13:19:26 -0700 Subject: [PATCH 2/2] Fix formatting in wevtutil command documentation --- WindowsServerDocs/administration/windows-commands/wevtutil.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/WindowsServerDocs/administration/windows-commands/wevtutil.md b/WindowsServerDocs/administration/windows-commands/wevtutil.md index 4c0305f250..abd5c2586c 100644 --- a/WindowsServerDocs/administration/windows-commands/wevtutil.md +++ b/WindowsServerDocs/administration/windows-commands/wevtutil.md @@ -40,7 +40,7 @@ wevtutil [{el | enum-logs}] [{gl | get-log} [/f:]] |{qe \| query-events} \ [/lf:\] [/sq:\] [/q:\] [/bm:\] [/sbm:\] [/rd:\] [/f:\] [/l:\] [/c:\] [/e:\]|Reads events from an event log, from a log file, or using a structured query. By default, you provide a log name for \. However, if you use the **/lf** option, then \ must be a path to a log file. If you use the **/sq** parameter, \ must be a path to a file that contains a structured query.| |{gli \| get-loginfo} \ [/lf:\]|Displays status information about an event log or log file. If the **/lf** option is used, \ is a path to a log file. You can run **wevtutil el** to obtain a list of log names.| |{epl \| export-log} \ \ [/lf:\] [/sq:\] [/q:\] [/ow:\]|Exports events from an event log, from a log file, or using a structured query to the specified file. By default, you provide a log name for \. However, if you use the **/lf** option, then \ must be a path to a log file. If you use the **/sq** option, \ must be a path to a file that contains a structured query. \ is a path to the file where the exported events will be stored.| -|{al \| archive-log} \ [/l:\]|Archives the specified log file in a self-contained format. A subdirectory with the name of the locale is created and all locale-specific information is saved in that subdirectory. After the directory and log file are created by running **wevtutil al**, events in the file can be read whether the publisher is installed or not.**Note** Files in the locale-specific subdirectory will be overwritten. Make sure the location is trusted and does not contain untrusted symlinks or junctions to critical files. | +|{al \| archive-log} \ [/l:\]|Archives the specified log file in a self-contained format. A subdirectory with the name of the locale is created and all locale-specific information is saved in that subdirectory. After the directory and log file are created by running **wevtutil al**, events in the file can be read whether the publisher is installed or not. **Note** Files in the locale-specific subdirectory will be overwritten. Make sure the location is trusted and does not contain untrusted symlinks or junctions to critical files. | |{cl \| clear-log} \ [/bu:\]|Clears events from the specified event log. The **/bu** option can be used to back up the cleared events.| ## Options