Copyright © 2000 Mark Russinovich
Last Updated August 30, 2000, Version 2.03
Introduction | The Resource Kit comes with a utility, elogdump, that lets you dump the contents of an Event Log on the local or a remote computer. ELogList is a clone of elogdump, with two differences: ELogList lets you log in to remote systems in situations where your current security credentials would not permit access to the Event Log, and ELogList retrieves message strings from the computer on which the event log you view resides.
Installation | Just copy ELogList onto your executable path, and type "eloglist". ELogList works on NT 3.51, NT 4.0, and Win2K.
Usage | The default behavior of ELogList is to show the contents of the System Event Log on the local computer, with visually-friendly formatting of Event Log records. Command line options let you view logs on different computers, use a different account to view a log, or have the output formatted in a string-search-friendly way.
usage: eloglist [-?] [-s] [\\computer [-u username [-p password]]] [-n #] [-c] [eventlog]
-? | Displays the supported options and the units of measurement used for output values.
-s | This switch has ELogList print Event Log records one per line, with comma-delimited fields. This format is convenient for text searches, e.g. eloglist | findstr /i text, and for importing the output into a spreadsheet.
\\computer | Instead of showing process information for the local system, ELogList will show information for the NT/Win2K system specified. Include the -u switch with a username and password to log in to the remote system if your security credentials do not permit you to obtain performance counter information from the remote system.
-u username | If you want to view an Event Log on a remote system and the account you are executing in does not have administrative privileges on the remote system, then you must log in as an administrator using this command-line option. ELogList will prompt you for the password without echoing your input to the display unless you specify the -p switch.
-p password | If you specify a user name and omit this switch, ELogList will prompt you for a password.
-n # | Only display the number of most recent entries specified.
-c | Clear the event log after displaying.
eventlog | By default ELogList shows the contents of the System Event Log. Specify a different Event Log by typing in the first few letters of the log name: application, system, or security.
How it Works | Like Win NT/2K's built-in Event Viewer and the Resource Kit's elogdump, ELogList uses the Event Log API, which is documented in the Windows Platform SDK. ELogList loads message source modules on the system where the event log being viewed resides so that it correctly displays event log messages.
Related Utilities | See PsKill for a utility that will kill processes running locally or on remote systems, and PsList for a utility that lists running processes on the local or a remote computer.
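
The Event Log API named under How it Works returns EVENTLOGRECORD structures that hold only an event ID and insertion strings, which is why the message text has to come from the event source's message module. The following is an added example, not ELogList's code: it decodes one such record in Python and merges its strings into a template. The sample record, the `templates` dictionary standing in for a message module, and all function names are assumptions made for illustration.

```python
import re
import struct
from datetime import datetime, timezone

HEADER = struct.Struct("<6I4H6I")  # fixed 56-byte part of EVENTLOGRECORD (winnt.h)
SIGNATURE = 0x654C664C             # Reserved field, ASCII "LfLe"
TYPES = {1: "Error", 2: "Warning", 4: "Information", 8: "Audit Success", 16: "Audit Failure"}

def _wstr(buf, off):  # -> (NUL-terminated UTF-16LE text, offset after the NUL)
    end = off
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\0\0":
        end += 2
    return buf[off:end].decode("utf-16-le"), end + 2

def parse_record(buf):
    """Decode one EVENTLOGRECORD, the structure ReadEventLog fills its buffer with."""
    f = HEADER.unpack_from(buf)
    length, sig, recno, when, eid, etype, nstr, str_off = f[:4] + f[5:8] + f[11:12]
    if (sig != SIGNATURE or not HEADER.size + 4 <= length <= len(buf)
            or struct.unpack_from("<I", buf, length - 4)[0] != length):
        raise ValueError("malformed EVENTLOGRECORD")
    source, off = _wstr(buf, HEADER.size)      # SourceName follows the header
    computer, _ = _wstr(buf, off)              # then Computername
    strings, off = [], str_off
    for _ in range(nstr):                      # insertion strings start at StringOffset
        text, off = _wstr(buf, off)
        strings.append(text)
    return {"record": recno, "time": datetime.fromtimestamp(when, timezone.utc),
            "id": eid & 0xFFFF, "type": TYPES.get(etype, str(etype)),
            "source": source, "computer": computer, "strings": strings}

def render(rec, templates):
    """Merge strings into a %1/%2 template; `templates` stands in for a message module."""
    template = templates.get((rec["source"], rec["id"]))
    if template is None:                       # message module not reachable
        return " ".join(rec["strings"])
    def sub(m):
        i = int(m.group(1)) - 1
        return rec["strings"][i] if 0 <= i < len(rec["strings"]) else m.group(0)
    return re.sub(r"%(\d+)", sub, template)

def build_sample():
    """Constructed record: event 7001 from 'DemoSvc' on 'HOSTA' (all values made up)."""
    names = "\0".join(("DemoSvc", "HOSTA", "")).encode("utf-16-le")
    strings = "\0".join(("Spooler", "5", "")).encode("utf-16-le")
    length = HEADER.size + len(names) + len(strings) + 4   # already DWORD-aligned
    head = HEADER.pack(length, SIGNATURE, 42, 967593600, 967593600, 0xC0001B59,
                       1, 2, 0, 0, 0, HEADER.size + len(names), 0, 0, 0, length - 4)
    return head + names + strings + struct.pack("<I", length)
```

With an empty `templates` dictionary, `render` falls back to the bare insertion strings, which is what a viewer shows when it cannot load the message module from the machine that wrote the event.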