WiFi Disconnection
Enabled by default
Service: Microsoft Windows Security auditing
Log type: Security
It is a good idea to monitor which networks your machine is connected to at any time. Unusual or public connections can introduce vulnerabilities and potentially start a timeline of events.
<pre><code>
$xml = @'
<QueryList>
<Query Id="0" Path="Microsoft-Windows-WLAN-AutoConfig/Operational">
<Select Path="Microsoft-Windows-WLAN-AutoConfig/Operational">*[System[(EventID=8003)]]</Select>
</Query>
</QueryList>
'@
Get-WinEvent -FilterXml $xml | select -first 1 | Format-Table -wrap
</code></pre>
Unfortunately, due to current limitations, we do not yet have this command, stay tuned for updates!
Compliance
HIPAA
Level: Recommended
https://www.hipaajournal.com/patch-update-computer-software-face-hipaa-sanction/
Event ID 8003 is a successful disconnection from a wireless network.
When a user disconnects from WiFi, an entry is written to the Operational log in the WLAN-AutoConfig folder. This folder can be found under the Applications and Services Logs folder, and then the Microsoft and Windows folders, respectively.
To view a Wireless disconnection log in the command line, launch PowerShell as an administrator.
Because this is an application log, there are two commands that are required to view it from the command line. The first command is
<pre><code>
$xml = @'
<QueryList>
<Query Id="0" Path="Microsoft-Windows-WLAN-AutoConfig/Operational">
<Select Path="Microsoft-Windows-WLAN-AutoConfig/Operational">*[System[(EventID=8003)]]</Select>
</Query>
</QueryList>
'@
</code></pre>
After this command is run, the second command to view the log can be run. This command is
<pre><code>Get-WinEvent -FilterXml $xml | select -first 1 | Format-Table -wrap</code></pre>
The "select -first 1" section of this command returns only the most recent log to save space and can be dropped to view more logs.
However, the "Format-Table -wrap" part of this command is what shows the full log in the command line and should not be dropped.
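As an added example (not part of the original page), the same query can be turned into one row per disconnection so the networks involved can be reviewed rather than read one log at a time. The `$expectedSsids` allowlist and the helper name `ConvertTo-WlanRecord` are hypothetical, and the `SSID` field name is an assumption about the event's data fields.

```powershell
# Added example: flatten Event ID 8003 records for review.
$xml = @'
<QueryList>
<Query Id="0" Path="Microsoft-Windows-WLAN-AutoConfig/Operational">
<Select Path="Microsoft-Windows-WLAN-AutoConfig/Operational">*[System[(EventID=8003)]]</Select>
</Query>
</QueryList>
'@

# Hypothetical allowlist of networks this machine is expected to use.
$expectedSsids = @('CorpWiFi', 'CorpGuest')

function ConvertTo-WlanRecord {
    param([Parameter(Mandatory, ValueFromPipeline)] $Record)
    process {
        # Start with fields every event record carries.
        $fields = [ordered]@{
            TimeCreated = $Record.TimeCreated
            Computer    = $Record.MachineName
        }
        # Copy every named Data element of the event XML into a property,
        # so no field names need to be hard-coded here.
        $doc = [xml]$Record.ToXml()
        foreach ($d in $doc.SelectNodes("//*[local-name()='Data']")) {
            $name = $d.GetAttribute('Name')
            if ($name) { $fields[$name] = $d.InnerText }
        }
        [pscustomobject]$fields
    }
}

# -MaxEvents bounds the read; drop it to process the whole log.
$records = Get-WinEvent -FilterXml $xml -MaxEvents 200 -ErrorAction SilentlyContinue |
    ConvertTo-WlanRecord

# Disconnections per network, most frequent first (assumes an SSID field).
$records | Group-Object SSID | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Disconnections from networks outside the expected list.
$records | Where-Object { $_.SSID -and $_.SSID -notin $expectedSsids } |
    Sort-Object TimeCreated -Descending | Format-Table -Wrap
```

Run `$records | Select-Object -First 1 | Format-List` first to see which fields the event actually provides on your system before relying on `SSID`.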