Win10基础 系统日志文件存储的路径
程序员文章站
2022-06-12 09:02:19
...
- OS : Windows 10 Version 1909
- blog : blog.csdn.net/shiwanwu
- typesetting : Markdown
路径及内容
C:\Windows\System32\winevt\Logs
more knowledge
- 使用powershell统计文件夹内的文件信息
PS C:\Windows\System32\winevt\Logs> Get-ChildItem
目录: C:\Windows\System32\winevt\Logs
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 2020/5/1 19:51 4263936 Application.evtx
-a---- 2019/11/3 0:04 69632 HardwareEvents.evtx
-a---- 2019/11/3 0:04 69632 Internet Explorer.evtx
-a---- 2019/11/3 0:04 69632 Key Management Service.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-AppV-Client%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-AppV-Client%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-AppV-Client%4Virtual Applications.evtx
-a---- 2020/5/1 19:57 1052672 Microsoft-Client-Licensing-Platform%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-User Experience Virtualization-Agent Driver%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-User Experience Virtualization-App Agent%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-User Experience Virtualization-IPC%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-User Experience Virtualization-SQM Uploader%4Operational.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-AAD%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-All-User-Install-Agent%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-AllJoyn%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-AppHost%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-AppID%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-ApplicabilityEngine%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Application Server-Applications%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Application Server-Applications%4Operational.evtx
-a---- 2020/2/19 21:32 69632 Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-Application-Experience%4Program-Inventory.evtx
-a---- 2019/11/4 22:06 69632 Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
-a---- 2020/2/6 21:52 69632 Microsoft-Windows-Application-Experience%4Steps-Recorder.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-AppLocker%4EXE and DLL.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-AppLocker%4MSI and Script.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx
-a---- 2020/5/1 20:20 1052672 Microsoft-Windows-AppModel-Runtime%4Admin.evtx
-a---- 2020/2/6 15:48 1118208 Microsoft-Windows-AppReadiness%4Admin.evtx
-a---- 2020/2/6 15:48 1118208 Microsoft-Windows-AppReadiness%4Operational.evtx
-a---- 2020/5/1 20:28 1052672 Microsoft-Windows-AppXDeployment%4Operational.evtx
-a---- 2020/5/1 20:15 5246976 Microsoft-Windows-AppXDeploymentServer%4Operational.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx
-a---- 2020/5/1 19:22 1052672 Microsoft-Windows-AppxPackaging%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-AssignedAccess%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-AssignedAccessBroker%4Admin.evtx
-a---- 2020/2/16 20:15 69632 Microsoft-Windows-Audio%4CaptureMonitor.evtx
-a---- 2020/2/16 20:15 69632 Microsoft-Windows-Audio%4Operational.evtx
-a---- 2020/2/22 16:41 69632 Microsoft-Windows-Audio%4PlaybackManager.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-Authentication User Interface%4Operational.evtx
-a---- 2020/2/7 22:36 69632 Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx
-a---- 2019/11/4 22:48 69632 Microsoft-Windows-Backup.evtx
-a---- 2020/5/1 20:28 1052672 Microsoft-Windows-Biometrics%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-BitLocker%4BitLocker Management.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-BitLocker-DrivePreparationTool%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-BitLocker-DrivePreparationTool%4Operational.evtx
-a---- 2020/5/1 17:58 1052672 Microsoft-Windows-Bits-Client%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Bluetooth-BthLEPrepairing%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Bluetooth-MTPEnum%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-BranchCache%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-BranchCacheSMB%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-CertificateServicesClient-Lifecycle-System%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-CertificateServicesClient-Lifecycle-User%4Operational.evtx
-a---- 2020/5/1 16:27 1052672 Microsoft-Windows-CloudStore%4Operational.evtx
-a---- 2020/5/1 16:27 69632 Microsoft-Windows-CodeIntegrity%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Compat-Appraiser%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Containers-BindFlt%4Operational.evtx
-a---- 2020/5/1 16:27 69632 Microsoft-Windows-Containers-Wcifs%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Containers-Wcnfs%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-CoreApplication%4Operational.evtx
-a---- 2020/5/1 17:58 69632 Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx
-a---- 2020/5/1 16:27 69632 Microsoft-Windows-Crypto-DPAPI%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-DAL-Provider%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-DataIntegrityScan%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-DataIntegrityScan%4CrashRecovery.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-DateTimeControlPanel%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Deduplication%4Diagnostic.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Deduplication%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Deduplication%4Scrubbing.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-DeviceGuard%4Operational.evtx
-a---- 2020/2/23 15:46 69632 Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx
-a---- 2020/5/1 17:58 1052672 Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Devices-Background%4Operational.evtx
-a---- 2020/5/1 19:13 1052672 Microsoft-Windows-DeviceSetupManager%4Admin.evtx
-a---- 2020/5/1 17:58 69632 Microsoft-Windows-DeviceSetupManager%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-DeviceSync%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-DeviceUpdateAgent%4Operational.evtx
-a---- 2020/5/1 17:58 69632 Microsoft-Windows-Dhcp-Client%4Admin.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
-a---- 2020/5/1 18:24 1052672 Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Diagnosis-PCW%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Diagnosis-PLA%4Operational.evtx
-a---- 2020/5/1 17:58 69632 Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
-a---- 2020/5/1 17:58 69632 Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx
-a---- 2020/5/1 17:58 69632 microsoft-windows-diagnosis-scripted%4operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Diagnostics-Networking%4Operational.evtx
-a---- 2020/5/1 16:29 69632 Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-DiskDiagnostic%4Operational.evtx
-a---- 2020/2/6 11:24 69632 Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-DSC%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-DSC%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-DxgKrnl-Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-DxgKrnl-Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-EapHost%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-EapMethods-RasChap%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-EapMethods-RasTls%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-EapMethods-Sim%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-EapMethods-Ttls%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-EDP-Application-Learning%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-EDP-Audit-Regular%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-EDP-Audit-TCB%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-EventCollector%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-FeatureConfiguration%4Operational.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-FileHistory-Core%4WHC.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-FileHistory-Engine%4BackupLog.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-FMS%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Folder Redirection%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Forwarding%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-GenericRoaming%4Admin.evtx
-a---- 2020/5/1 20:20 1118208 Microsoft-Windows-GroupPolicy%4Operational.evtx
-a---- 2020/5/1 19:27 1052672 Microsoft-Windows-HelloForBusiness%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Help%4Operational.evtx
-a---- 2019/11/4 23:14 69632 Microsoft-Windows-HomeGroup Control Panel%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-HomeGroup Listener Service%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-HotspotAuth%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Hyper-V-Hypervisor-Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Hyper-V-Hypervisor-Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Hyper-V-VID-Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-IdCtrls%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-IKE%4Operational.evtx
-a---- 2020/2/22 16:41 1052672 Microsoft-Windows-International%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-International-RegionalOptionsControlPanel%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Iphlpsvc%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-IPxlatCfg%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-KdsSvc%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Kernel-ApphelpCache%4Operational.evtx
-a---- 2020/5/1 16:27 69632 Microsoft-Windows-Kernel-Boot%4Operational.evtx
-a---- 2020/2/20 12:45 69632 Microsoft-Windows-Kernel-EventTracing%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Kernel-IO%4Operational.evtx
-a---- 2020/2/22 16:41 1052672 Microsoft-Windows-Kernel-PnP%4Configuration.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
-a---- 2020/5/1 16:27 69632 Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Kernel-WDI%4Operational.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-Kernel-WHEA%4Errors.evtx
-a---- 2020/5/1 16:26 1052672 Microsoft-Windows-Kernel-WHEA%4Operational.evtx
-a---- 2020/5/1 19:22 69632 Microsoft-Windows-Known Folders API Service.evtx
-a---- 2020/5/1 17:58 69632 Microsoft-Windows-LanguagePackSetup%4Operational.evtx
-a---- 2020/5/1 20:31 1052672 Microsoft-Windows-LiveId%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task%4Operational.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-ModernDeployment-Diagnostics-Provider%4Admin.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-ModernDeployment-Diagnostics-Provider%4Autopilot.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-ModernDeployment-Diagnostics-Provider%4ManagementService.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Mprddm%4Operational.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-MUI%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-MUI%4Operational.evtx
-a---- 2020/2/19 21:12 69632 Microsoft-Windows-NcdAutoSetup%4Operational.evtx
-a---- 2020/5/1 17:57 69632 Microsoft-Windows-NCSI%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-NdisImPlatform%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-NetworkLocationWizard%4Operational.evtx
-a---- 2020/5/1 17:57 1052672 Microsoft-Windows-NetworkProfile%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-NetworkProvider%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-NetworkProvisioning%4Operational.evtx
-a---- 2019/11/4 23:14 69632 Microsoft-Windows-NlaSvc%4Operational.evtx
-a---- 2020/5/1 20:27 1118208 Microsoft-Windows-Ntfs%4Operational.evtx
-a---- 2020/5/1 16:27 69632 Microsoft-Windows-Ntfs%4WHC.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-NTLM%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-OfflineFiles%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-OneBackup%4Debug.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-OOBE-Machine-DUI%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-PackageStateRoaming%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-ParentalControls%4Operational.evtx
-a---- 2020/5/1 16:27 1118208 Microsoft-Windows-Partition%4Diagnostic.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-PerceptionRuntime%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-PerceptionSensorDataService%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-PersistentMemory-Nvdimm%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-PersistentMemory-PmemDisk%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-PersistentMemory-ScmBus%4Certification.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-PersistentMemory-ScmBus%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Policy%4Operational.evtx
-a---- 2020/2/6 11:24 69632 Microsoft-Windows-PowerShell%4Admin.evtx
-a---- 2020/5/1 20:26 1118208 Microsoft-Windows-PowerShell%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-PrintBRM%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-PrintService%4Admin.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx
-a---- 2020/5/1 17:58 1052672 Microsoft-Windows-Provisioning-Diagnostics-Provider%4Admin.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-Provisioning-Diagnostics-Provider%4AutoPilot.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-Provisioning-Diagnostics-Provider%4ManagementService.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-PushNotification-Platform%4Admin.evtx
-a---- 2020/5/1 20:32 1052672 Microsoft-Windows-PushNotification-Platform%4Operational.evtx
-a---- 2020/5/1 16:28 69632 Microsoft-Windows-ReadyBoost%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-ReadyBoostDriver%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-ReFS%4Operational.evtx
-a---- 2019/11/4 22:48 69632 Microsoft-Windows-Regsvr32%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-RemoteApp and Desktop Connections%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-RemoteApp and Desktop Connections%4Operational.evtx
-a---- 2019/11/4 22:48 69632 Microsoft-Windows-RemoteAssistance%4Admin.evtx
-a---- 2020/2/23 15:46 69632 Microsoft-Windows-RemoteAssistance%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-RemoteDesktopServices-SessionServices%4Operational.evtx
-a---- 2020/5/1 18:57 69632 Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
-a---- 2020/5/1 18:20 69632 Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx
-a---- 2019/11/4 22:06 69632 Microsoft-Windows-RestartManager%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-RetailDemo%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-RetailDemo%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SearchUI%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Security-Adminless%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Security-Audit-Configuration-Client%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Security-EnterpriseData-FileRevocationManager%4Operational.evtx
-a---- 2020/5/1 20:20 1052672 Microsoft-Windows-Security-LessPrivilegedAppContainer%4Operational.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-Security-Mitigations%4KernelMode.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-Security-Mitigations%4UserMode.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Security-Netlogon%4Operational.evtx
-a---- 2020/2/22 16:41 69632 Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging%4Operational.evtx
-a---- 2020/5/1 16:28 69632 Microsoft-Windows-Security-SPP-UX-Notifications%4ActionCenter.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Security-UserConsentVerifier%4Audit.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SecurityMitigationsBroker%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SENSE%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SenseIR%4Operational.evtx
-a---- 2020/5/1 20:29 1052672 Microsoft-Windows-SettingSync%4Debug.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-SettingSync%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SettingSync-Azure%4Debug.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SettingSync-Azure%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SettingSync-OneDrive%4Debug.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SettingSync-OneDrive%4Operational.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-Shell-ConnectedAccountState%4ActionCenter.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-Shell-Core%4ActionCenter.evtx
-a---- 2020/5/1 16:27 1052672 Microsoft-Windows-Shell-Core%4AppDefaults.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-Shell-Core%4LogonTasksChannel.evtx
-a---- 2020/5/1 16:26 1052672 Microsoft-Windows-Shell-Core%4Operational.evtx
-a---- 2020/5/1 16:27 1052672 Microsoft-Windows-ShellCommon-StartLayoutPopulation%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SmartCard-Audit%4Authentication.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SmartCard-DeviceEnum%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SmartCard-TPM-VCard-Module%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SmartCard-TPM-VCard-Module%4Operational.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-SmbClient%4Audit.evtx
-a---- 2020/5/1 17:57 1118208 Microsoft-Windows-SmbClient%4Connectivity.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-SMBClient%4Operational.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-SmbClient%4Security.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SMBDirect%4Admin.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-SMBServer%4Audit.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-SMBServer%4Connectivity.evtx
-a---- 2020/5/1 17:57 1118208 Microsoft-Windows-SMBServer%4Operational.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-SMBServer%4Security.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SMBWitnessClient%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SMBWitnessClient%4Informational.evtx
-a---- 2020/5/1 20:15 1118208 Microsoft-Windows-StateRepository%4Operational.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-StateRepository%4Restricted.evtx
-a---- 2020/2/23 15:46 69632 Microsoft-Windows-Storage-ClassPnP%4Operational.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-Storage-Storport%4Health.evtx
-a---- 2020/5/1 20:29 2166784 Microsoft-Windows-Storage-Storport%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Storage-Tiering%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-StorageManagement%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-StorageSpaces-Driver%4Diagnostic.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-StorageSpaces-Driver%4Operational.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-StorageSpaces-ManagementAgent%4WHC.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-StorageSpaces-SpaceManager%4Diagnostic.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-StorageSpaces-SpaceManager%4Operational.evtx
-a---- 2020/5/1 20:29 20058112 Microsoft-Windows-Store%4Operational.evtx
-a---- 2020/5/1 16:27 69632 Microsoft-Windows-Storsvc%4Diagnostic.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-SystemSettingsThreshold%4Operational.evtx
-a---- 2020/5/1 17:57 1052672 Microsoft-Windows-TaskScheduler%4Maintenance.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-TCPIP%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-TerminalServices-ClientUSBDevices%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-TerminalServices-ClientUSBDevices%4Operational.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
-a---- 2020/5/1 16:27 1052672 Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-TerminalServices-Printers%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-TerminalServices-Printers%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-TerminalServices-ServerUSBDevices%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-TerminalServices-ServerUSBDevices%4Operational.evtx
-a---- 2020/5/1 17:58 1052672 Microsoft-Windows-Time-Service%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Time-Service-PTP-Provider%4PTP-Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Troubleshooting-Recommended%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Troubleshooting-Recommended%4Operational.evtx
-a---- 2020/5/1 20:20 69632 Microsoft-Windows-TWinUI%4Operational.evtx
-a---- 2020/5/1 17:58 69632 Microsoft-Windows-TZSync%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-TZUtil%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-UAC%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx
-a---- 2020/5/1 20:29 1052672 Microsoft-Windows-UniversalTelemetryClient%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-User Control Panel%4Operational.evtx
-a---- 2020/5/1 16:27 69632 Microsoft-Windows-User Device Registration%4Admin.evtx
-a---- 2020/5/1 16:27 1118208 Microsoft-Windows-User Profile Service%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-User-Loader%4Operational.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-UserPnp%4ActionCenter.evtx
-a---- 2020/2/20 11:05 69632 Microsoft-Windows-UserPnp%4DeviceInstall.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-VDRVROOT%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-VerifyHardwareSecurity%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-VHDMP-Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Volume%4Diagnostic.evtx
-a---- 2020/5/1 16:27 1052672 Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-VPN%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-VPN-Client%4Operational.evtx
-a---- 2020/5/1 16:27 1052672 Microsoft-Windows-Wcmsvc%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-WDAG-PolicyEvaluator-CSP%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-WDAG-PolicyEvaluator-GP%4Operational.evtx
-a---- 2020/5/1 16:27 69632 Microsoft-Windows-WebAuthN%4Operational.evtx
-a---- 2020/5/1 18:20 69632 Microsoft-Windows-WER-PayloadHealth%4Operational.evtx
-a---- 2020/2/19 21:12 69632 Microsoft-Windows-WFP%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Win32k%4Operational.evtx
-a---- 2020/5/1 20:29 1052672 Microsoft-Windows-Windows Defender%4Operational.evtx
-a---- 2019/11/3 0:08 69632 Microsoft-Windows-Windows Defender%4WHC.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx
-a---- 2020/5/1 20:20 1052672 Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
-a---- 2019/11/3 0:04 69632 Microsoft-Windows-Windows Firewall With Advanced Security%4FirewallDiagnostics.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-WindowsBackup%4ActionCenter.evtx
-a---- 2020/5/1 18:08 1052672 Microsoft-Windows-WindowsSystemAssessmentTool%4Operational.evtx
-a---- 2020/5/1 16:51 1052672 Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
-a---- 2019/11/4 22:56 69632 Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx
-a---- 2020/5/1 16:27 1052672 Microsoft-Windows-Winlogon%4Operational.evtx
-a---- 2020/5/1 17:58 1052672 Microsoft-Windows-WinRM%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Wired-AutoConfig%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx
-a---- 2020/5/1 20:20 1052672 Microsoft-Windows-WMI-Activity%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-WMPNSS-Service%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-WorkFolders%4Operational.evtx
-a---- 2019/11/3 0:12 69632 Microsoft-Windows-WorkFolders%4WHC.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-Workplace Join%4Admin.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-WPD-ClassInstaller%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-WPD-CompositeClassDriver%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-WPD-MTPClassDriver%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-Windows-WWAN-SVC-Events%4Operational.evtx
-a---- 2020/2/16 21:55 69632 Microsoft-WindowsPhone-Connectivity-WiFiConnSvc-Channel.evtx
-a---- 2020/2/16 21:55 69632 OpenSSH%4Admin.evtx
-a---- 2020/2/16 21:55 69632 OpenSSH%4Operational.evtx
-a---- 2019/11/4 22:48 69632 Parameters.evtx
-a---- 2020/5/1 20:03 10555392 Security.evtx
-a---- 2020/5/1 17:58 69632 Setup.evtx
-a---- 2020/2/16 21:55 69632 SMSApi.evtx
-a---- 2019/11/4 22:48 69632 State.evtx
-a---- 2020/5/1 20:20 1118208 System.evtx
-a---- 2020/5/1 17:11 1118208 Windows PowerShell.evtx
PS C:\Windows\System32\winevt\Logs>
resource
- [ doc ] docs.microsoft.com/zh-cn/windows
- [ msdn ] msdn.microsoft.com/zh-cn
- [ 平台 ] www.csdn.net
感恩曾经帮助过 师万物 的人。
在日常生活中会用到Windows系统,建议学习简单的使用与配置。
学有余力的话,可以了解Windows、Mac OS和基于Linux的各个发行版本的优劣势,找到适合自身发展的桌面操作系统。