Copyright © 2000 Mark Russinovich
Last Updated February 17, 2000, Version 1.0
Introduction | The Resource Kit comes with a utility, elogdump, that lets you dump the contents of an Event Log on the local or a remote computer. ELogList is a clone of elogdump, except that ELogList lets you log in to remote systems in situations where your current set of security credentials would not permit access to the Event Log.
Installation | Just copy ELogList onto your executable path, and type "eloglist". ELogList works on NT 3.51, NT 4.0, and Win2K.
Usage | The default behavior of ELogList is to show the contents of the System Event Log on the local computer, with visually-friendly formatting of Event Log records. Command line options let you view logs on different computers, use a different account to view a log, or have the output formatted in a string-search friendly way.
usage: eloglist [-?] [-s] [\\computer [-u username]] [eventlog]
-? | Displays the supported options and the units of measurement used for output values.
-s | This switch has ELogList print Event Log records one per line, with comma-delimited fields. This format is convenient for text searches, e.g. eloglist | findstr /i text, and for importing the output into a spreadsheet.
-u username | If you want to view an Event Log on a remote system and the account you are executing in does not have administrative privileges on the remote system, then you must log in as an administrator using this command-line option. ELogList will prompt you for the password without echoing your input to the display.
\\computer | Instead of showing process information for the local system, ELogList will show information for the NT/Win2K system specified. Include the -u switch with a username and password to log in to the remote system if your security credentials do not permit you to obtain performance counter information from the remote system.
eventlog | By default ELogList shows the contents of the System Event Log. Specify a different Event Log by typing in the first few letters of the log name: application, system, or security.
How it Works | Like Win NT/2K's built-in Event Viewer and the Resource Kit's elogdump, ELogList uses the Event Log API, which is documented in the Windows Platform SDK.
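As an added illustration (this is not ELogList's source code), the Python example below parses the EVENTLOGRECORD structures that the Event Log API's ReadEventLog call places in the caller's buffer, checking each record's signature and length fields before following any offset inside it. The function names, the dictionary keys, and the sample values (computer name, source, timestamp) are constructed for this example.

```python
import struct
from datetime import datetime, timezone

HEADER = struct.Struct("<6I4H6I")   # fixed 56-byte EVENTLOGRECORD header (winnt.h)
SIGNATURE = 0x654C664C              # Reserved field, the bytes "LfLe"
TYPES = {1: "Error", 2: "Warning", 4: "Information", 8: "AuditSuccess", 16: "AuditFailure"}

def _wstr(buf, pos, end):
    """Read one NUL-terminated UTF-16LE string; return (text, next offset)."""
    i = pos
    while i + 2 <= end and buf[i:i + 2] != b"\x00\x00":
        i += 2
    if i + 2 > end:
        raise ValueError("unterminated string in record")
    return buf[pos:i].decode("utf-16-le", "replace"), i + 2

def parse_records(buf):
    """Return one dict per EVENTLOGRECORD in a buffer as ReadEventLog fills it."""
    out, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < HEADER.size:
            raise ValueError("truncated header")
        f = HEADER.unpack_from(buf, pos)
        length, sig, nstr, str_off = f[0], f[1], f[7], f[11]
        end = pos + length
        # Validate the record's claimed size before following any offset in it.
        if (sig != SIGNATURE or length < HEADER.size + 4 or end > len(buf)
                or buf[end - 4:end] != buf[pos:pos + 4] or not HEADER.size <= str_off < length):
            raise ValueError(f"bad record at offset {pos}")
        source, nxt = _wstr(buf, pos + HEADER.size, end - 4)
        computer, _ = _wstr(buf, nxt, end - 4)
        strings, spos = [], pos + str_off
        for _ in range(nstr):
            text, spos = _wstr(buf, spos, end - 4)
            strings.append(text)
        when = datetime.fromtimestamp(f[3], timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        out.append({"record": f[2], "time": when, "event_id": f[5] & 0xFFFF,
                    "type": TYPES.get(f[6], str(f[6])), "source": source,
                    "computer": computer, "strings": strings})
        pos = end
    return out

def sample_record(recno, etype, event_id, source, computer, strings, when=950745600):
    """Constructed sample input: pack one record in the EVENTLOGRECORD layout."""
    tail = b"".join(s.encode("utf-16-le") + b"\0\0" for s in (source, computer, *strings))
    str_off = HEADER.size + 2 * (len(source) + len(computer) + 2)
    length = (HEADER.size + len(tail) + 7) & ~3   # DWORD-aligned, room for trailing length
    head = HEADER.pack(length, SIGNATURE, recno, when, when, event_id, etype,
                       len(strings), 0, 0, 0, str_off, 0, str_off, 0, length - 4)
    return head + tail.ljust(length - HEADER.size - 4, b"\0") + length.to_bytes(4, "little")
```

The strings in each record are only the insertion strings; turning them into the full message text requires the source's message file, which this example does not attempt.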
Related Utilities | See PsKill for a utility that will kill processes running locally or on remote systems, and PsList for a utility that lists running processes on the local or a remote computer.