Pstools 的PsLoglist 說明

可以將本機或遠端電腦主機   log event 取出   並整併, 透過此功能, 結合Log Parser Lizard 讀取
讓管理更方便

例如:

====================================================
PsLogList dumps event logs on a local or remote NT system.

Usage: psloglist [\\computer[,computer2[,...] | @file] [-u username [-p password]]] [-s [-t delimiter]] [-m #|-n #|-d #|-h #|-w][-c][-x][-r][-a mm/dd/yy][-b mm/dd/yy] [-f filter] [-i ID,[ID,...]] | -e ID,[ID,...]] [-o event source[,event source[,...]]] [-q event source[,event source[,...]]] [[-g|-l] event log file]
     @file     Psloglist will execute the command on each of the computers
               listed in the file.     (從寫好檔案依序讀取目標電腦)
     -a        Dump records timestamped after specified date.   (指定時間之後~格式: mm/dd/yy)
     -b        Dump records timestamped before specified date.   (指定時間之前~格式: mm/dd/yy)
     -c        Clear event log after displaying.   (清除)
     -d        Only display records from previous n days.
     -e        Exclude events with the specified ID or IDs (up to 10).
     -f        Filter event types, using starting letter           (過濾讀取log檔的內容~以字母過濾方式)
               (e.g. "-f we" to filter warnings and errors).
     (五個單字~ w:警告, e:錯誤, i:訊息, audit success:審計成功,  audit failure:審計失敗)
     -g        Export an event log as an evt file.   (匯出)
     -h        Only display records from previous n hours.
     -i        Show only events with the specified ID or IDs (up to 10). (選定事件ID)
     -l        Dump the contents of the specified saved event log file.
     -m        Only display records from previous n minutes.
     -n        Only display n most recent records.
     -o        Show only records from the specified event source or sources
               (e.g. "-o cdrom"). Append '*' to specify substring match.
     -p        Specifies password for user name.
     -q        Omit records from the specified event source or sources
               (e.g. "-q cdrom").
               Append '*' to specify substring match.
     -r        Dump log from least recent to most recent.
     -s        Records are listed on one line each with delimited
               fields, which is convenient for string searches.
     -t        The default delimiter for the -s option is a comma,
               but can be overriden with the specified character. Use "\t"
               to specify tab.
     -u        Specifies optional user name for login to
               remote computer.
     -w        Wait for new events, dumping them as they generate (local system
               only.)
     -x        Dump extended data.
     -z        List event logs registered on specified system.
     eventlog  Specifies event log to dump. Default is system. If the
               -l switch is present then the event log name specifies
               how to interpret the event log file.
====================================================


這個網誌中的熱門文章

超級終端機(hyperterminal)

系統管理員已禁止您執行此app

提供的認證不足 無法存取這個印表機