how to check event source is created or not in event viewer using cmd

Question

I was created an event source in event viewer using cmd but now I want check before creating event source into event viewer that event source already created or not using cmd.

Answer 1

Reference WEVTUtil

Retrieve information about event logs and publishers. Archive logs in a self-contained format, Enumerate the available logs, Install and uninstall event manifests, run queries, Exports events (from an event log, from a log file, or using a structured query) to a specified file, Clear event logs.

Try the following:

WEVTUtil enum-publishers | findstr yoursourcename

where yoursourcename is the name of the event source your are looking for.

Answer 2

EVENTCREATE [/S system [/U username [/P [password]]]] /ID eventid
        [/L logname] [/SO srcname] /T type /D description

Description: This command line tool enables an administrator to create a custom event ID and message in a specified event log.

---

For boot time checking using source name for any Windows version (as it varies).

wmic /append:"%userprofile%\desktop\DiskEvents.html" PATH Win32_NTLogEvent where  (sourcename='Autocheck' or sourcename='Winlogon' or sourcename='WinInit') get /format:HForm

Answer 3

Hi i'm not sure if this is feasable with cmd but you can test it with powershell (integrated in Windows since Windows 7?)

write-eventlog -logname Application -source TestApp -eventID 3001 -entrytype Information -message "MyApp added a user-requested feature to the display." -category 1 -rawdata 10,20

if it's not registered you'll an error something like this "write-eventlog : The source name "TestApp" does not exist on computer "localhost"."

hope this will help you.

regards