WiFi Connection

This log is buried near the bottom, but it holds all theinformation about internet connections made from a machine.Event ID 8001 is a successful connection to a wireless network.

When a user connects to WiFi, a log is made in the Operationallog of the WLAN-AutoConfig folder.This folder can be found under the Applications and Services Logs folder, and then the Microsoft and Windows folder, respectively.

To view a Wireless disconnection log in the command line, launch PowerShell as an administrator.
Because this is an application log, there are two commands that are required to view it from the command line. The first command is
<pre><code>
$xml = @'
<QueryList>
<Query Id="0" Path="Microsoft-Windows-WLAN-AutoConfig/Operational">
<Select Path="Microsoft-Windows-WLAN-AutoConfig/Operational">*[System[(EventID=8001)]]</Select>
</Query>
</QueryList>
'@
</pre></code>
After this command is run, the second command to view the log can be run. This command is
<pre><code>Get-WinEvent -FilterXM: $xml | select -first 1 | Format-Table -wrap</code></pre>
The "select -first 1" section of this command returns only the most recent log to save space and can be dropped to view more logs.
However, the "Format-Table -wrap" part of this command is what shows the full log in the command line and should not be dropped.