PsLogList – Windows CMD Command
Notice: A non well formed numeric value encountered in /home/future4tech/public_html/wp-content/plugins/crayon-syntax-highlighter/crayon_formatter.class.php on line 118
Notice: A non well formed numeric value encountered in /home/future4tech/public_html/wp-content/plugins/crayon-syntax-highlighter/crayon_formatter.class.php on line 119
Notice: A non well formed numeric value encountered in /home/future4tech/public_html/wp-content/plugins/crayon-syntax-highlighter/crayon_formatter.class.php on line 118
Notice: A non well formed numeric value encountered in /home/future4tech/public_html/wp-content/plugins/crayon-syntax-highlighter/crayon_formatter.class.php on line 119
Event log records
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
Syntax psloglist [- ] [\\computer[,computer[,...] | @file [-u user [-p passwd]]] [-s [-t delim]] [-m #|-n #|-h #|-d #|-w] [-c][-x][-r][-a mm/dd/yy][-b mm/dd/yy] [-f filter] [-i ID[,ID[,...] | -e ID[,ID[,...]]] [-o event source[,event source][,..]]] [-q event source[,event source][,..]]] [-l event_log_file] <eventlog> Options: computer The computer on which the log resides. Default=local system -p passwd Specify a password for user (optional). Passed as clear text. If omitted, you will be prompted to enter a hidden password. -u user Specify a user name for login to remote computer(optional). @file Execute the command on each of the computers listed in the file. -a Dump records timestamped after specified date. -b Dump records timestamped before specified date. -c Clear the event log after displaying. -d # Only display records from previous # days. -e ID Exclude events with the specified ID or IDs (up to 10). -f filter Filter event types with filter string (e.g. "-f w" to filter warnings). -h # Only display records from previous # hours. -i ID Show only events with the specified ID or IDs (up to 10). -l event_log_file Dump records from the specified event log file. -m # Only display records from previous # minutes. -n # Only display # number of most recent entries. -o event source Show only records from the specified event source (e.g. \"-o cdrom\"). -q event source Omit records from the specified event source or sources (e.g. \"-q cdrom\"). -r Dump log from least recent to most recent. -s Print Event Log records one-per-line, with comma delimited fields. This format is convenient for text searches, e.g. psloglist | findstr /i text and for importing the output into a spreadsheet. -t delim The default delimeter is a comma, but can be overriden with the specified character. -w Wait for new events, dumping them as they generate (local system only). -x Dump extended data. eventlog application, system or security, only the first few letters need be used. default=system log. -accepteula Suppress the display of the license dialog. |
If your current security credentials would not permit access to the Event Log, specify a different username ( -u user ).
When launched for the first time, PsLogList will create the regkey
HKCU\Software\Sysinternals\PsLogList\EulaAccepted=0x01
1 2 3 4 5 |
Examples: List everything in the application event log on \\workstationF4T from the last 24 hours: psloglist \\workstationF4T -h 24 application |
Good write-up, I am normal visitor of one’s web site, maintain up the nice operate, and It’s going to be a regular visitor for a lengthy time.