Skip to main content

PsLogList v2.71

By Mark Russinovich

Published: April 28, 2010

 Download PsTools (1.6 MB)

Ocena: 
 

Introduction

The Resource Kit comes with a utility, elogdump, that lets you dump the contents of an Event Log on the local or a remote computer. PsLogList is a clone of elogdump except that PsLogList lets you login to remote systems in situations your current set of security credentials would not permit access to the Event Log, and PsLogList retrieves message strings from the computer on which the event log you view resides.

 

Installation

Just copy PsLogList onto your executable path, and type "psloglist".

 

Using PsLogList

The default behavior of PsLogList is to show the contents of the System Event Log on the local computer, with visually-friendly formatting of Event Log records. Command line options let you view logs on different computers, use a different account to view a log, or to have the output formatted in a string-search friendly way.

usage: psloglist [- ] [\\computer[,computer[,...] | @file [-u username [-p password]]] [-s [-t delimiter]] [-m #|-n #|-h #|-d #|-w][-c][-x][-r][-a mm/dd/yy][-b mm/dd/yy][-f filter] [-i ID[,ID[,...] | -e ID[,ID[,...]]] [-o event source[,event source][,..]]] [-q event source[,event source][,..]]] [-l event log file] <eventlog>

@fileExecute the command on each of the computers listed in the file.
-aDump records timestamped after specified date.
-bDump records timestamped before specified date.
-cClear the event log after displaying.
-dOnly display records from previous n days.
-cClear the event log after displaying.
-eExclude events with the specified ID or IDs (up to 10).
-fFilter event types with filter string (e.g. "-f w" to filter warnings).
-hOnly display records from previous n hours.
-iShow only events with the specified ID or IDs (up to 10).
-lDump records from the specified event log file.
-mOnly display records from previous n minutes.
-nOnly display the number of most recent entries specified.
-oShow only records from the specified event source (e.g. \"-o cdrom\").
-pSpecifies optional password for user name. If you omit this you will be prompted to enter a hidden password.
-qOmit records from the specified event source or sources (e.g. \"-q cdrom\").
-rSDump log from least recent to most recent.
-sThis switch has PsLogList print Event Log records one-per-line, with comma delimited fields. This format is convenient for text searches, e.g. psloglist | findstr /i text, and for importing the output into a spreadsheet.
-tThe default delimeter is a comma, but can be overriden with the specified character.
-uSpecifies optional user name for login to remote computer.
-wWait for new events, dumping them as they generate (local system only).
-xDump extended data
eventlogeventlog

 

How it Works

Like Win NT/2K's built-in Event Viewer and the Resource Kit's elogdump, PsLogList uses the Event Log API, which is documented in Windows Platform SDK. PsLogList loads message source modules on the system where the event log being viewed resides so that it correctly displays event log messages.

 

Download

Download PsTools
(1.6 MB)

 

 

Download


Download

Download PsTools
(1.6 MB)

 

PsTools
PsLogList is part of a growing kit of Sysinternals command-line tools that aid in the adminstration of local and remote systems named PsTools.

Runs on:

  • Client: Windows XP and higher.
  • Server: Windows Server 2003 and higher.