Microsoft KB Archive/323006

= How to use the Event Log Query tool (Elogdmp.exe) to display Event Log information in Windows 2000 =

Article ID: 323006

Article Last Modified on 3/1/2007


APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition




This article was previously published under Q323006






SUMMARY
This step-by-step article describes how to use the Event Log Query Tool (Elogdmp.exe) to display event log information in Microsoft Windows 2000.

Elogdmp is available in the Windows 2000 Resource Kit. It is a command-line tool that you can use to display information from the Event Viewer logs of a local or remote Windows 2000-based computer. This tool "dumps" the contents of the log in comma-delimited format to the screen or to a file. You can then search the output to find and view the information that you want. The information that Elogdmp displays includes the following:
 * Date
 * Time
 * Source
 * Type
 * Category
 * Event ID
 * User
 * Computer

Any user on the network can use Elogdmp to view the contents of the Application log on any remote computer on the network. To view the contents of the System or Security log on a remote computer, you must be a member of the Domain Administrators or Administrators group on that computer.


Overview of Elogdmp
Elogdmp uses the following syntax:

elogdmp

You can use the following parameters with Elogdmp:
 *  : Use this parameter to specify the name of the computer whose event logs you want to query.
 *  : Use this parameter to specify the event log that you want to display, where  is Application, Security, System, DNS Server, Directory Service, or File Replication Service.

NOTE: The DNS Server log is available only on DNS servers, and the Directory Service and File Replication Service logs are available only on domain controllers.


Examples
To display the contents of the Application log on a computer named Server1, type the following line at the command prompt, and then press ENTER:

elogdmp server1 application


The contents of the Application log of Server1 are displayed in comma-delimited format in the Command Prompt window.

To display the contents of the DNS Server log on a computer named Server2 and to redirect the output to a file named Dnslog.txt, in the E:\Logs folder, type the following line at the command prompt, and then press ENTER:

elogdmp server2 "DNS Server" > e:\logs\dnslog.txt

NOTE: If the name of the log that you want to view contains a space, enclose the name of the log with quotation marks ("").

The contents of the DNS Server log of Server2 are written to the E:\Logs\Dnslog.txt file in comma-delimited format.
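
Once a dump has been redirected to a file such as Dnslog.txt, the search step mentioned in the summary can be scripted. The following Python script is an added example, not part of the original article or of Elogdmp. It assumes that each output line carries the fields in the order listed in the summary (Date, Time, Source, Type, Category, Event ID, User, Computer); the sample lines and event IDs are constructed.

```python
import csv
import io
from collections import Counter

# Assumption: column order follows the field list in this article.
# Check it against a real dump before relying on it.
FIELDS = ["Date", "Time", "Source", "Type", "Category", "EventID", "User", "Computer"]

# Constructed sample, not real Elogdmp output.
SAMPLE_DUMP = """\
3/1/2007,9:14:02 AM,DNS,Information,None,100,N/A,SERVER2
3/1/2007,9:15:40 AM,DNS,Error,None,200,N/A,SERVER2
3/1/2007,9:15:41 AM,DNS,Error,None,200,N/A,SERVER2
truncated line
3/1/2007,9:20:11 AM,DNS,Warning,None,300,N/A,SERVER2
"""

def parse_dump(stream):
    """Return (records, rejected): dicts keyed by FIELDS, plus unparsable rows."""
    records, rejected = [], []
    for row in csv.reader(stream):
        if not row:
            continue  # skip blank lines
        if len(row) < len(FIELDS):
            rejected.append(row)  # keep for review instead of dropping silently
            continue
        # Any columns beyond the eight assumed fields are ignored by zip().
        records.append(dict(zip(FIELDS, (cell.strip() for cell in row))))
    return records, rejected

def select(records, types=None, event_ids=None):
    """Filter by event Type (case-insensitive) and/or Event ID."""
    types = {t.lower() for t in types} if types else None
    ids = {str(i) for i in event_ids} if event_ids else None
    return [r for r in records
            if (types is None or r["Type"].lower() in types)
            and (ids is None or r["EventID"] in ids)]

def summarize(records):
    """Count events per (Source, Type, EventID) so repeated events stand out."""
    return Counter((r["Source"], r["Type"], r["EventID"]) for r in records)

if __name__ == "__main__":
    recs, bad = parse_dump(io.StringIO(SAMPLE_DUMP))
    for key, count in summarize(select(recs, types={"Error", "Warning"})).most_common():
        print(count, *key)
    print("rejected rows:", len(bad))
```

To run it against a real dump, pass an open file (for example `open(r"e:\logs\dnslog.txt", newline="")`) to `parse_dump` in place of the sample string.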


