XP Logman command-line utility

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

Windows XP includes powerful command-line admin utilities, including logman for managing logs. You can use the Logman.exe tool to:
  • Remotely start and stop log file data collections from a central location by specifying the remote computer name.
  • Configure a data collection on one computer and then copy that configuration to multiple computers from a central location.
  • Query currently-running logs and traces.

E:\Documents and Settings\Wayne>logman /?

Microsoft ® Logman.exe (5.1.2600.0)
© Microsoft Corporation. All rights reserved.

Logman manages the "Performance Logs and Alerts" service for creating and
managing Event Trace Session logs and Performance logs.

logman VERB <collection_name> [options]

  create <counter|trace>        Create a new collection.
  start                         Start an existing collection and set the
                                begin time to manual.
  stop                          Stop an existing collection and set the end
                                time to manual.
  delete                        Delete an existing collection.
  query [collection_name|providers]  Query collection properties. If no
                                collection_name is given all collections are
                                listed. The keyword 'providers' will list all
                                of the registered Event Trace providers.
  update                        Update an existing collection properties.

  <collection_name>             Name of the collection.

  -?                            Displays context sensitive help.
  -s <computer>                 Perform the command on specified remote
  -config <filename>            Settings file containing command options.
  -b <M/d/yyyy h:mm:ss[AM|PM]>  Begin the collection at specified time.
  -e <M/d/yyyy h:mm:ss[AM|PM]>  End the collection at specified time.
  -m <[start] [stop]>           Change to manual start or stop rather than a
                                scheduled begin or end time.
  -[-]r                         Repeat the collection daily at the specified
                                begin and end times.
  -o <path|dsn!log>             Path of the output log file or the DSN and
                                log set name in a SQL database.
  -f <bin|bincirc|csv|tsv|sql>  Specifies the log format for the collection.
  -[-]a                         Append to an existing log file.
  -[-]v [nnnnnn|mmddhhmm]       Attach file versioning information to the end
                                of the log name.
  -[-]rc <filename>             Run the command specified each time the log
                                is closed.
  -[-]max <value>               Maximum log file size in MB or number of
                                records for SQL logs.
  -[-]cnf [[[hh:]mm:]ss]        Create a new file when the specified time has
                                elapsed or when the max size is exceeded.
  -c <path [path ...]>          Performance counters to collect.
  -cf <filename>                File listing performance counters to collect,
                                one per line.
  -si <[[hh:]mm:]ss>            Sample interval for performance counter
  -ln <logger_name>             Logger name for Event Trace Sessions.
  -[-]rt                        Run the Event Trace Session in real-time
  -p <provider [flags [level]]> A single Event Trace provider to enable.
  -pf <filename>                File listing multiple Event Trace providers
                                to enable.
  -[-]ul                        Run the Event Trace Session in user mode.
  -bs <value>                   Event Trace Session buffer size in kb.
  -ft <[[hh:]mm:]ss>            Event Trace Session flush timer.
  -nb <min max>                 Number of Event Trace Session buffers.
  -fd                           Flushes all the active buffers of an existing
                                Event Trace Session to disk.
  -[-]u [user [password]]       User to Run As. Entering a * for the password
                                produces a prompt for the password. The
                                password is not displayed when you type it at
                                the password prompt.
  -rf <[[hh:]mm:]ss>            Run the collection for specified period of
  -y                            Answer yes to all questions without
  -ets                          Send commands to Event Trace Sessions
                                directly without saving or scheduling.
  -mode <trace_mode [trace_mode ...]>   Event Trace Session logger mode.

  Where [-] is listed, an extra - negates the option.
  For example --r turns off the -r option.

  logman create counter perf_log -c "\Processor(_Total)\% Processor Time"
  logman create trace trace_log -nb 16 256 -bs 64 -o c:\logfile
  logman start perf_log
  logman update perf_log -si 10 -f csv -v mmddhhmm
  logman update trace_log -p "Windows Kernel Trace" (disk,net)
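
The central-management workflow from the list at the top of the page (configure once, push to many computers, then query), sketched as a batch file that uses only options from the help text above. This is an added example, not part of the original article; hosts.txt is a hypothetical file with one computer name per line, and the exit-code checks assume logman returns a nonzero code on failure.

```batch
@echo off
rem Added example: create, start and verify the same counter collection
rem on every computer listed in hosts.txt (hypothetical file name).
setlocal
set COLLECTION=perf_log
set HOSTS=hosts.txt

if not exist "%HOSTS%" (echo Missing %HOSTS% & exit /b 1)

rem One computer name per line; lines starting with ; are skipped by for /f.
for /f "usebackq tokens=1" %%H in ("%HOSTS%") do call :deploy %%H
goto :eof

:deploy
echo === %1 ===
rem Inside a batch file a literal percent sign must be doubled, so the
rem counter path "\Processor(_Total)\% Processor Time" is written with %%.
rem -si 10        sample every 10 seconds
rem -f csv        write the log in CSV format
rem -v mmddhhmm   append a date/time version suffix to the log name
logman create counter %COLLECTION% -s %1 -c "\Processor(_Total)\%% Processor Time" -si 10 -f csv -v mmddhhmm
if errorlevel 1 (
    rem Assumption: logman signals failure with a nonzero exit code.
    echo create failed on %1, not starting the collection
    goto :eof
)

logman start %COLLECTION% -s %1
if errorlevel 1 echo start failed on %1

rem Show the collection's properties as stored on the remote computer,
rem so the operator can confirm the settings that were actually applied.
logman query %COLLECTION% -s %1
goto :eof
```

If a collection has to run under another account, add `-u user *` so that logman prompts for the password instead of the password being stored in the batch file.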
