Someone asked me about this recently, got me interested in using it instead of NTResKit's dumpel tool. Several old messages already on Swynk regarding this, including the 1st parameter, I'm just posting my findings.

First, most importantly, dates reported by xp_eventlog are all screwed up, both in SQL 6.5 and 7.0, haven't tested on SQL 2000 yet. This may be Y2K-related, since I don't see any mention of this in the old pre-Y2K posts. Anyway, this is a serious-enough flaw to eliminate xp_eventlog from my bag of tricks.

The first parameter is "which log?" and can be 'Application', 'Security', or 'System'. This 1st parameter is case-sensitive!

2nd optional parameter is EventType (1, 2, 16, etc.).

3rd optional parameter is EventCategory (e.g. 0, 4, etc.).

4th optional parameter is EventID (e.g. 5719).