How to use the Event Log Query tool (Elogdmp.exe) to display Event Log information in Windows 2000 (323006)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
This article was previously published under Q323006 SUMMARY This step-by-step article describes how to use the Event
Log Query Tool (Elogdmp.exe) to display event log information in Microsoft
Windows 2000. Elogdmp is available in the Windows 2000 Resource Kit.
It is a command-line tool that you can use to display information from the
Event Viewer logs of a local or remote Windows 2000-based computer. This tool
"dumps" the contents of the log in comma-delimited format to the screen or to a
file. You can then search the output to find and to view the information that
you want. The information that Elogdmp displays include the following:
- Date
- Time
- Source
- Type
- Category
- Event ID
- User
- Computer
Any user on the network can use Elogdmp to view the contents of
the Application log on any remote computer on the network. To view the contents
of the System or Security log on a remote computer, you must be a member of the
Domain Administrators or Administrators group on that computer.
back to the top
Overview of Elogdmp Elogdmp uses the following syntax: elogdmp ComputerName EventLog You can use the following parameters with Elogdmp:
- ComputerName: Use this parameter to specify the name of the computer whose
event logs you want to query.
- EventLog: Use this parameter to specify the event log that you want to
display, where EventLog is Application, Security,
System, DNS Server, Directory Service, or File Replication Service.
NOTE: The DNS Server log is available only on DNS servers, and the
Directory Service and File Replication Service logs are available only on
domain controllers.
back to the top
Examples- To display the contents of the Application log on a
computer named Server1, type the following line at the command prompt, and then
press ENTER:
elogdmp server1 application
The contents
of the Application log of Server1 are displayed in comma-delimited format in
the Command Prompt window. - To display the contents of the DNS Server log on a computer
named Server2 and to redirect the output to a file named Dnslog.txt, in the
E:\Logs folder, type the following line at the command prompt, and then press
ENTER:
elogdmp server2 DNS Server > e:\logs\dnslog.txt
The contents
of the DNS Server log of Server2 are written to the E:\Logs\Dnslog.txt file in
comma-delimited format.
back to the top
REFERENCES For additional information
about how to view and to manage logs in Event Viewer, click the following
article numbers to view the articles in the Microsoft Knowledge Base: 302542
Diagnose system problems with
Event Viewer in Microsoft Windows 2000
315417 How to move Event Viewer log files to another location in Windows 2000 and in Windows Server 2003
For additional information about how to use the Event Query
Script Tool (Eventquery.pl) to display events from Event Viewer logs, click the
following article number to view the article in the Microsoft Knowledge Base: 317381
How to use the Event Query Script tool (Eventquery.pl) in Microsoft Windows 2000
For additional information about
how to use the Event Logging Utility (Logevent.exe) to create and to log custom
events, click the following article number to view the article in the Microsoft
Knowledge Base: 315410
How to use the Event Logging utility (Logevent.exe) to create and log custom events in Event Viewer in Windows 2000
For additional information about how to use the
Event Log Management Script Tool (Eventlog.pl) to manage event logs , click the
following article number to view the article in the Microsoft Knowledge Base: 318763
How to use the Event Log Management Script tool (Eventlog.pl) to manage event logs in Windows 2000
For more information about the Windows 2000
Resource Kit, visit the following Microsoft Web site:
back to the top
| Modification Type: | Major | Last Reviewed: | 9/27/2006 |
|---|
| Keywords: | kbHOWTOmaster KB323006 |
|---|
|