PsLogList - CMD


Overview

PsLogList is a command-line utility designed for Windows systems that helps users view and manage event log records. This tool can retrieve event log data from local or remote computers, making it especially useful for systems administrators and IT security experts to monitor and troubleshoot system behaviors or security-related events effectively.

Syntax

The basic syntax for using PsLogList is:

PsLogList [options] [\\computer[,computer[,...]]] [eventlog]
  • \\computer specifies the remote computer(s) to connect to. If omitted, the command targets the local system.
  • eventlog is the name of the event log to pull records from (e.g., Application, System, Security). The default log is System.

Options/Flags

  • -a <mm/dd/yy> : Dump records timestamped after the specified date.
  • -b <mm/dd/yy> : Dump records timestamped before the specified date.
  • -c : Clear the event log after displaying.
  • -h : Show usage information.
  • -i <ID> : Show only events with specified event IDs.
  • -n <count> : Show only the most recent specified number of entries.
  • -s : Show event log records in chronological order (oldest first).
  • -x : Dump event logs with XML formatting.
  • -w : Wait for new events, displaying them as they are logged.

Examples

  1. Basic Usage to List System Log:

    PsLogList
    

    This command will display event records from the System log of the local machine.

  2. View Events from a Remote Computer:

    PsLogList \\RemotePCName
    

    View the System event log entries from RemotePCName.

  3. Filter Events by Date:

    PsLogList -a 01/01/22 -b 01/31/22
    

    Displays events logged between January 1, 2022, and January 31, 2022.

  4. Display and Clear Logs:

    PsLogList -c
    

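    Displays the System log entries and then clears the log. The records are removed from the log once it is cleared, so save the output to a file if the entries may be needed later.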

Common Issues

  • Permission Errors: Ensure you have the necessary administrative privileges to access or clear logs, especially on remote machines.
  • Incorrect Date Format: Dates must be in mm/dd/yy format. Errors occur if the format is wrong.
  • Network Issues: When accessing logs on remote computers, ensure network connectivity and proper permissions are in place.

Integration

PsLogList can be combined with other tools for enhanced monitoring or scripting. For example:

PsLogList | find "Error" > errorlog.txt

This command chain filters for “Error” entries in the event log and outputs them to a text file, which can be useful for detailed error analysis.
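
A scripted collection run built from the syntax, options and date rule described above, as an added PowerShell example (not from the original page or from Sysinternals). It assumes PsLogList is on the PATH; the host names, event ID 4625 and the output folder are constructed sample values, and the two function names are hypothetical.

```powershell
# Added example: uses only the PsLogList options listed on this page.
# Host names, the event ID and the output folder are constructed sample values.

function ConvertTo-PsLogListDate {
    param([Parameter(Mandatory)][string]$Text)
    # The page requires mm/dd/yy, so reject anything else (e.g. a four-digit year).
    $parsed = [datetime]::MinValue
    $ok = [datetime]::TryParseExact($Text, 'MM/dd/yy',
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None, [ref]$parsed)
    if (-not $ok) { throw "Date '$Text' is not in mm/dd/yy format." }
    $parsed
}

function New-PsLogListArguments {
    param(
        [string[]]$Computer,            # omit to query the local system
        [string]$EventLog = 'System',   # the default log named on the page
        [int]$EventId,
        [string]$After,
        [string]$Before
    )
    $list = @()
    if ($After)  { $from = ConvertTo-PsLogListDate $After;  $list += '-a', $After }
    if ($Before) { $to   = ConvertTo-PsLogListDate $Before; $list += '-b', $Before }
    if ($After -and $Before -and $from -gt $to) {
        throw "-a date $After is later than -b date $Before."
    }
    if ($EventId) { $list += '-i', "$EventId" }
    # Syntax from the page: \\computer[,computer[,...]] followed by the log name.
    if ($Computer) { $list += '\\' + ($Computer -join ',') }
    # -c is deliberately never added: a collection run must not clear the source log.
    $list + $EventLog
}

$outDir = Join-Path $env:TEMP 'psloglist-out'   # constructed output location
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$query = @{ EventLog = 'Security'; EventId = 4625; After = '01/01/22'; Before = '01/31/22' }

foreach ($name in 'HOST-A', 'HOST-B') {         # placeholder host names
    $psArgs = @(New-PsLogListArguments -Computer $name @query)
    Write-Host "PsLogList $($psArgs -join ' ')"
    # One file per host keeps the origin of each record unambiguous.
    & PsLogList @psArgs | Out-File (Join-Path $outDir "$name-Security.txt")
}
```

A malformed date or a reversed date range stops the run before PsLogList is called, which avoids the date-format errors listed under Common Issues.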

Related Commands

  • Eventcreate: Allows you to create custom event log entries.
  • Eventvwr.msc: Opens the Event Viewer to visually browse and manage event logs.

For further reading and more detailed information, visit the Microsoft TechNet website or the Sysinternals help forums, where documentation and user communities may provide additional insights.