[hunk3r]

Сделал. Конечный скрипт вызываемого файла:

Код:

@echo off
setlocal enabledelayedexpansion
set r=%1
set u=%2
set p=%3
set x=%4
set y=%5
set z=%6
%windir%\system32\wevtutil.exe qe /r:%r% /u:%u% /p:%p% %x% /rd:true /f:text /q:"*[%x%[Provider[@Name='%y%'] and (EventID=%z%) and TimeCreated[timediff(@SystemTime) <= 86400000]]]">nul

if %errorlevel% neq 0 set result=-%errorlevel%
if %errorlevel% equ 0 set result=0

FOR /F "delims=" %%i IN ('%windir%\system32\wevtutil.exe qe /r:%r% /u:%u% /p:%p% %x% /rd:true /f:text /q:"*[%x%[Provider[@Name='%y%'] and (EventID=%z%) and TimeCreated[timediff(@SystemTime) <= 86400000]]]"^|find /c "%z%"') do set "cnt=%%~i"

echo %cnt%
echo %result%

Основа:

Код:

@call %~dp0\1.bat server user password System ProviderName EventID