
PsLogList - dumping logs from a remote computer

From the Sysinternals PsTools suite.
Example:
C:\pstools>psloglist -a 1/09/07 app -f error >c:\error.txt

-a = only records after the given date; app = the Application log; -f = filter event types by their first letter

usage: psloglist [[\\computer[,computer[,..] | @file [-u user [-p psswd]]] [-s [-t delimiter]] [-n #|-h#|-d #] [-x] [-c][-r][-a mm/dd/yy][-b mm/dd/yy][-f filter] [-i ID[,ID[,..]] [-o event source] [-l event log file] [eventlog]

computer Perform the command on the remote computer or computers specified. If you omit the computer name the command runs on the local system, and if you specify a wildcard (\\*), the command runs on all computers in the current domain.
@file Run the command on each computer listed in the text file specified.
-u Specifies optional user name for login to remote computer.
-p Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.
-s This switch has PsLogList print Event Log records one-per-line, with delimited fields. This format is convenient for text searches, e.g. psloglist | findstr /i text, and for importing the output into a spreadsheet.
-t The default delimiter for the -s option is a comma, but it can be overridden with the specified character.
-n # Only display n most recent records.
-h # Only display records from previous n hours.
-d # Only display records from previous n days.
-c Clear the event log after displaying.
-x Dump extended data.
-r Dump log from least recent to most recent.
-a Dump records timestamped after specified date.
-b Dump records timestamped before specified date.
-f Filter event types with filter string (e.g. "-f w" to filter warnings).
-i Show only events with the specified ID or IDs (up to 10).
-o Show only records from the specified event source (e.g. "-o cdrom").
-l Dump the contents of the specified saved event log file.
eventlog By default PsLogList shows the contents of the System Event Log. Specify a different Event Log by typing the first few letters of its name: application, system, or security. If the -l switch is present, the event log name specifies how to interpret the event log file.
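The -s/-t switches above produce one delimited record per line, which is the form you would feed to a script when triaging logs pulled from several hosts. The following is an added example, not code from the original post or from Sysinternals: it parses such output using "|" as the delimiter (so commas inside event messages do not break the split) and counts error/warning records per source and event ID. The column order it assumes (record number, log, source, type, time, event ID, computer, user, message) is an assumption and should be confirmed against the output of your own psloglist version.

```python
"""Parse one-per-line output of `psloglist -s -t |` and tally events by source/ID.

Added example, not part of the original post. The column layout in FIELDS is an
assumption; check it against a real `psloglist -s -t |` run before relying on it.
"""
from collections import Counter

FIELDS = ["record", "log", "source", "type", "time",
          "event_id", "computer", "user", "message"]

# Constructed sample output, as if from: psloglist -s -t | \\srv1 -n 4 app
# Note the "|" inside the first two messages: a naive split would corrupt them.
SAMPLE = """\
101|Application|MSSQLSERVER|Error|1/09/07 08:12:01 AM|17055|SRV1|N/A|Login failed for user 'sa'|Reason: password mismatch
102|Application|MSSQLSERVER|Error|1/09/07 08:12:05 AM|17055|SRV1|N/A|Login failed for user 'sa'|Reason: password mismatch
103|Application|Winlogon|Warning|1/09/07 08:15:00 AM|1016|SRV1|N/A|Profile load slow
104|Application|MSSQLSERVER|Information|1/09/07 08:20:00 AM|17137|SRV1|N/A|Starting up database 'master'.
"""


def parse_psloglist(text, delimiter="|"):
    """Split each line into FIELDS. Only len(FIELDS)-1 splits are made, so any
    delimiter characters inside the free-text message field are preserved."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(delimiter, len(FIELDS) - 1)
        if len(parts) != len(FIELDS):
            raise ValueError(f"unexpected field count {len(parts)}: {line!r}")
        rec = dict(zip(FIELDS, parts))
        rec["event_id"] = int(rec["event_id"])
        records.append(rec)
    return records


def count_by_source_and_id(records, types=("Error", "Warning")):
    """Triage helper: how often each (source, event ID) pair occurs among the
    selected event types. Repeated IDs are what you look at first."""
    return Counter((r["source"], r["event_id"])
                   for r in records if r["type"] in types)


if __name__ == "__main__":
    recs = parse_psloglist(SAMPLE)
    for (src, eid), n in count_by_source_and_id(recs).most_common():
        print(f"{n:4d}  {src}  {eid}")
```

When collecting from many hosts, list them in the @file form and omit -p so that the password is prompted for rather than left in command history.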