Skip navigation

JSI Tip 4528. Freeware PsLogList dumps local and remote event logs.


Download PsLogList. I quote:

Introduction

The Resource Kit comes with a utility, elogdump, that lets you dump the contents of an Event Log on the local or a remote computer. PsLogList is a clone of elogdump except that PsLogList lets you login to remote systems in situations your current set of security credentials would not permit access to the Event Log, and PsLogList retrieves message strings from the computer on which the event log you view resides.

Installation

Just copy PsLogList onto your executable path, and type "psloglist".

PsLogList works on NT 3.51, NT 4.0, and Win2K.

Usage

The default behavior of PsLogList is to show the contents of the System Event Log on the local computer, with visually-friendly formatting of Event Log records. Command line options let you view logs on different computers, use a different account to view a log, or to have the output formatted in a string-search friendly way.

usage:

 psloglist \[-?\] \[-s\] \[\\computer \[-u username \[-p password\]\]\] \[-n # | -d #\] \[-x\] \[-c\]\[-r\] \[-a mm/dd/yy\]\[-b mm/dd/yy\]\[-f filter\] \[eventlog\] 
    -? Displays the supported options and the units of measurement used for output values. 

    -s This switch has PsLogList print Event Log records one-per-line, with comma delimated fields.
       This format is convenient for text searches, e.g. psloglist | findstr /i text, and for importing the output into a spreadsheet. 

    \\computer Instead of showing process information for the local system,
       PsLogList will show information for the NT/Win2K system specified. Include the -u switch with a username and password
       to login to the remote system if your security credentials do not permit you to obtain performance counter information from
       the remote system. 

    -u username If you want to view an Event Log on a remote system and the account you are executing in does not have 
       administrative privileges on the remote system then you must login as an administrator using this command-line option. 
       PsLogList will prompt you for the password without echoing your input to the display unless you specify the -p switch.
 
    -p password If you specify a user name and omit this switch PsLogList will prompt you for a password. 

    -n # Only display n most recent records. 

    -d # Only display records from previous n days. 

    -c Clear the event log after displaying. 

    -x Dump extended data. 

    -r Dump log from least recent to most recent. 

    -a Dump records timestamped after specified date. 

    -b Dump records timestamped before specified date. 

    -f Filter event types with filter string (e.g. "-f w" to filter warnings). 

    eventlog By default PsLogList shows the contents of the System Event Log. Specify a different Event Log by typing in the
       first few letters of the log name, application, system, or security.

How it Works

Like Win NT/2K's built-in Event Viewer and the Resource Kit's elogdump, PsLogList uses the Event Log API, which is documented in Windows Platform SDK. PsLogList loads message source modules on the system where the event log being viewed resides so that it correctly displays event log messages.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish