Dump Event Log Syntax

dumpel -f file [-s \\server] [-l log [-m source]] [-e n1 n2 n3...] [-r] [-t] [-d x]

Where:

-f file: specifies the file name for the output file. there is no default for -f, so you must specify the file.
-s server: specifies the server for which you want to dump the event log. leading backslashes on the server name are optional.
-l log: specifies which log (system, application, security) to dump. if an invalid logname is specified, the application log will be dumped.
-m source: specifies in which source (such as rdr, serial, ...) to dump records. only one source can be supplied. if this switch is not used, all events are dumped. if a source is used that is not registered in the registry, the application log will be searched for records of this type.
-e n1 n2 n3 ...: filters for event id nn (up to ten can be specified). if the -r switch is not used, only records of these types are dumped; if -r is used, all records except records of these types are dumped. if this switch is not used, all events from the specified sourcename are selected. you cannot use this switch without the -m switch.
-r: specifies whether to filter for specific sources or records, or to filter them out.
-t: specifies that individual strings are separated by tabs. if -t is not used, strings are separated by spaces.
-d x: dumps events for the past x days.