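PsLogList (part of PsTools) explained
It can pull log events from the local machine or from remote hosts and consolidate them; combined with Log Parser Lizard to read the output,
this makes administration more convenient.
For example: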
====================================================
PsLogList dumps event logs on a local or remote NT system.
Usage: psloglist [\\computer[,computer2[,...] | @file] [-u username [-p password]]] [-s [-t delimiter]] [-m #|-n #|-d #|-h #|-w][-c][-x][-r][-a mm/dd/yy][-b mm/dd/yy] [-f filter] [-i ID,[ID,...]] | -e ID,[ID,...]] [-o event source[,event source[,...]]] [-q event source[,event source[,...]]] [[-g|-l] event log file]
@file Psloglist will execute the command on each of the computers
listed in the file. (reads the target computers one by one from a prepared file)
-a Dump records timestamped after specified date. (after the given date; format: mm/dd/yy)
-b Dump records timestamped before specified date. (before the given date; format: mm/dd/yy)
-c Clear event log after displaying. (clear)
-d Only display records from previous n days.
-e Exclude events with the specified ID or IDs (up to 10).
-f Filter event types, using starting letter (filters the log entries that are read, by type letter)
(e.g. "-f we" to filter warnings and errors).
(five types: w: warning, e: error, i: information, audit success, audit failure)
-g Export an event log as an evt file. (export)
-h Only display records from previous n hours.
-i Show only events with the specified ID or IDs (up to 10). (select event IDs)
-l Dump the contents of the specified saved event log file.
-m Only display records from previous n minutes.
-n Only display n most recent records.
-o Show only records from the specified event source or sources
(e.g. "-o cdrom"). Append '*' to specify substring match.
-p Specifies password for user name.
-q Omit records from the specified event source or sources
(e.g. "-q cdrom").
Append '*' to specify substring match.
-r Dump log from least recent to most recent.
-s Records are listed on one line each with delimited
fields, which is convenient for string searches.
-t The default delimiter for the -s option is a comma,
but can be overriden with the specified character. Use "\t"
to specify tab.
-u Specifies optional user name for login to
remote computer.
-w Wait for new events, dumping them as they generate (local system
only.)
-x Dump extended data.
-z List event logs registered on specified system.
eventlog Specifies event log to dump. Default is system. If the
-l switch is present then the event log name specifies
how to interpret the event log file.
====================================================
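An added example (not from the original page or from Sysinternals) of the collection step described above: it dumps recent failed-logon events from each host into one delimited file per host, ready to be opened in a log reader such as Log Parser Lizard. The file names, the event ID 4625 and the `-accepteula` switch are assumptions that do not appear in the help text above.

```powershell
# Added example: collect failed-logon events from several hosts with PsLogList.
# Assumptions (not from the page): psloglist.exe is on PATH, hosts.txt holds one
# computer name per line, and the current account may read the remote Security log.
$hostFile = '.\hosts.txt'          # hypothetical input file
$outDir   = '.\psloglist-out'      # hypothetical output folder
$eventIds = '4625'                 # Windows failed-logon event ID
$days     = 1                      # look back one day

New-Item -ItemType Directory -Path $outDir -Force | Out-Null

foreach ($line in Get-Content $hostFile) {
    $computer = $line.Trim()
    if (-not $computer) { continue }           # skip blank lines
    $outFile = Join-Path $outDir "$computer-security.csv"

    # -s  one record per line with delimited fields (comma by default)
    # -d  only records from the previous n days
    # -i  only the listed event IDs (up to 10)
    # "security" names the event log to dump; the default would be "system".
    # -accepteula suppresses the Sysinternals licence prompt for unattended runs.
    # No -u/-p here: a password on the command line is visible in process
    # listings and command-line auditing, so run this as an authorised account.
    $argList = @('-accepteula', "\\$computer", '-s', '-d', $days, '-i', $eventIds, 'security')
    & psloglist.exe @argList 2>$null | Set-Content -Path $outFile -Encoding UTF8

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "psloglist failed for $computer (exit code $LASTEXITCODE)"
        continue
    }
    $count = (Get-Content $outFile | Measure-Object -Line).Lines
    Write-Output "$computer : $count line(s) written to $outFile"
}
```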