The LOGMAN command in Windows is a versatile tool used to create and manage Event Trace Session and Performance logs. It allows users to control performance data collection and Event Trace Sessions, providing crucial information for system monitoring and trouble-shooting. This tool is particularly effective for system administrators and developers looking to optimize performance or diagnose issues in a Windows environment.


The general syntax of the LOGMAN command is as follows:

LOGMAN [create | query | start | stop | delete | update | import | export] [options]
  • create: Creates a new counter, trace, API, or configuration data collector.
  • query: Displays data collector properties.
  • start: Starts the data collector.
  • stop: Stops the data collector.
  • delete: Deletes the data collector.
  • update: Updates the properties of an existing collector.
  • import: Creates data collectors from an XML file.
  • export: Exports data collectors to an XML file.

Each of these commands comes with its own set of parameters and options that can be used to specify and customize the operation.


Here is a list of common options used with LOGMAN:

  • -s <computer>: Specifies the target computer.
  • -config <filename>: Specifies a configuration file to use with the command.
  • -[-]r: Specifies whether to enable or disable remote procedure call (RPC) functionality.
  • -[-]ets: Directs the command to execute immediately without saving or scheduling.
  • -name <name>: Names the event trace data collector.

Using these flags changes how LOGMAN behaves, for example, -ets allows for immediate execution which is useful for quick diagnostics.


Example 1: Creating a Performance Counter

LOGMAN create counter PerfLog1 -o C:\perflogs\log1.blg -f bin -v mmddhhmm -cf config.txt

This example creates a new performance counter named PerfLog1 that outputs to a binary file.

Example 2: Starting a Data Collector

LOGMAN start PerfLog1

This command starts the data collector named PerfLog1.

Example 3: Stopping and Deleting a Data Collector

LOGMAN stop PerfLog1
LOGMAN delete PerfLog1

This sequence stops the PerfLog1 data collector and then deletes it.

Common Issues

Issue 1: Permission Errors
When running LOGMAN, make sure you have administrative privileges as many operations need elevated permissions.

Issue 2: Missing Collector Name
Always specify a collector name. Omitting it can cause the command to fail, as it won’t have a target collector.


LOGMAN can be scripted together with other commands like SCHTASKS for scheduling:

SCHTASKS /Create /TN "Log Performance" /TR "LOGMAN start PerfLog1" /SC WEEKLY

This script sets a scheduled task to start a data collector every week.

  • PERFMON: Monitor system performance and save data in logs or reports.
  • TRACERT: Trace path packets take to a network host.

More about these commands can be found in the Windows Command-Line Reference or Microsoft Documentation online.

These are the basics of using LOGMAN effectively in Windows environments for performance and event trace management.