How to use the Event Log Management Script tool (Eventlog.pl) to manage event logs in Windows 2000

This article describes how to use the Event Log Management Script tool (Eventlog.pl) to manage Event Viewer logs of Windows 2000-based computers.

????? ?? ???????? ?? ???????????? ?? ????? ???? ?? ?? ???????? ?? ?? ???? ????????? ?? ???? ??? ??? ????? ????????? ??? ??? ?? ?????????? ?????? ??? ????? ?????? ??? ?????????, ???????, ?? ?????? ????? ??? ???? ??????? ??????? ??? ????? ??? ??, ????? ?????????? ???? ?? ??? ???? ?? ??? ?? ????? ????????? ???? ??? ????? ?????????? ?? DNS ??????? ?? DNS ????? ??? ?? ????? ???? ?????????, ??????????, ?? ?????? ????? ?? ???? ??? ??????? ??????? ???? ?? ???, ?? ?? ??????? ?? ?????? ???????? ?? ??????? ????? ?????? ???? ?? ??? ?? ????? ?????? ?? ????? ?? ????? ???????? ???????? ?? ??????? predict ??? ??? ???? ?? ??? ?? ??????? ?? ????? ?? ??????? ???????? ?????? ?? ????? ?? ??? ?? ????? ??? ?? ????? ?? ?????

Eventlog.pl Windows 2000 ?????? ??? Supplement 1 ??? ?????? ??? ?? ????? ????? ??? ??????? ????? ???? ?? ??? ?? ????????? ????? ?? ????? ?? ???? ???:

• ????? ??? ?? ??? ????????? ?????
• (??????) ????? ??? ?? ????? ????
• ????? ??????? ??? ????? ??? ??????? ?????
• (?????) ???? ???? ????? ??? ?? ??? ??????
• ????? ??? ?? ????? ?? ?????? ?????

??????????: ?? ???? ????? Eventlog.pl ??? ?? ????? ??? ?????? ????????? ???? ?? ??? ???? ???? ?? ????? ????? Eventlog.pl ????? ??? ??????? violate ?? ???? ??? ???? ?????, ?????????? ??????? ?? ?????? ?? ??? ????? ???? ???? ?????? ineffective ?? ???? ??:

• ??????LogName??? ????
• ???LogName???
• ?????? ?? ??? ??????LogName???

Eventlog.pl ?? ??? ?????? ??????????

Eventlog.pl ????? ???????? ?? ???? ?? ?? ?? ?????? ???????? (?? ???? ?? ???? ????? ???????? ?? ???????? ?? ???? ??) ?? ????? ???? ??? ????? ??? ?? ??????? ?? ?????? ???????? ?? ???????? ???? ?? ??? ?? Eventlog.pl ?? ????? ?? ???? ???, ???? ?? ???? ?? ?? ????? ??? ??? ?????? ?????????? ???? ?? ?? ?????? ?????

????? ????????

• ???????? ?? Windows 2000 Professional ?? Windows 2000 ????? ?? ??? ???
• ActiveState ActivePerl ????? 521 ??????? ???? ??? ??? ?? ????????? Windows 2000 ?????? ??? ??? ?????? ???
  
  ???????? ?????? ?? ??? ?? ???????? ???? Windows 2000 ?????? ??? Supplement 1 ??? ????? ??? ?? Perl ????????? ????? ?? ???? ?????? ??? WMI ??????? ???????, wmi.pm, ??? ???? ?????Perl ??????? ???????\Site\Lib\W2rk ???????? ?????? ??? ????? ????????? ?????????? W2rk ??????? ????? ?? ?? ?? ??????? ?? ??? wmi.pm ????? ?? ????????? ????? ???
  
  ????? ?? ????? W2rk ??????? ?? ????: ????? ???? ??, ??? ?? ?? ???? ??? ???????? ??? ?? ??? ????? ?? ?????? ??? ?? Eventlog.pl ????? ?? ??? ???????? ????? ??? ???? ?? ??? ???? ???? ?? ???? ??? ???? ??????? ?? ??? ??????????? ???????? ???? ??? ??? ??? ????
• ???? ??? ?? ???? ?????????? ???? ?? ????? ?? ??? ??? ??? ?? ??????? ??? ??????? ?? ????? ?? ????????? ???? ?? ???? ????? ??? ???? ???? ????? ????

?????? ????????

?????? ???????? ????? ?????? Windows 2000 Professional ?? Windows 2000 ??????

Eventlog.pl ?? ????????? ??????

Eventlog.pl ????? ??????? ????????, ?? ????? ???? ?? ????-????????????????? ?? ??? ???? ??? ?? ???? ??? ?? ????? ?????? ??? ?? ?? ??:????? ???? ????? ???? ?? ?? ???????? ????????? ?? Eventlog.pl ?? ??? ????? ?? ???? ???:Each operation uses its own syntax.

????????? ????

Theeventlog.pl -changestatement uses the following syntax:You can use the following parameters witheventlog.pl -change:

• eventlog[eventlog...] | *: ????? ??? ?? ???? ?? ????? ????? ??? ?? ????????? ???? ?? ??? ?? ???????? ?? ????? ????? ??? ?? ?? ?? ???? ????? ??? ??? ????????? ???? ????? ???, ?? ????? ?? ???????? ??? ???? ??? ?? ??? ????? ??? ??? ????????? ???? ????? ???, ?? ??????????? ???? (*) ?? ????? ????? ??? ????? ??? ??? ??? ?? ????? ??, ??? ?????? ????? ?? ??? ("")?
• -s????????: ??? ?? ???? ?????? ???????? ?? ??????? ????????? (IP) ??? ????????? ???? ?? ??? ?? ???????? ?? ????? ????? ??? ?? ?? ???????? ?? ?? ?????, ??????? ???????? ????????? ???
  • -udomain\user: Use this parameter to specify the user account with which to run Eventlog.pl. If you omit this parameter, Eventlog.pl uses the permissions of the currently logged-on user. If you use this parameter, you must also use the-pparameter to provide the user's password.
  • -p???????: Use this parameter to specify the password of the user account that is specified by the-u????????? The-pparameter is required when you use the-u?????????
    
    ???:: Both the-p, ??-uparameters are available only when you use the-s?????????
• -setmaxsize????: ???????? (KB) ??? ????? ??? ?? ?????? ???? ????????? ???? ?? ??? ?? ???????? ?? ????? ????? ?? ??? ????? ?????? ?? ?? ???? ?????? 64 ?? ?? ?? ?? ???? ?? ???????????? ???? ???????? ??? ??????? ????????????????? ????? ?? ??? ????? ????
• -setbehavior asneeded | olderthanx| ??? ????: ????? ??? ???? ?????? ???? ?? ????? ???? ?? ?? ?? ?? ?????? ?? ????????? ???? ?? ??? ?? ???????? ?? ????? ?????
  • asneeded: ?? ???????? ?? ????? ??? ?? ?? ????? ?????? ????? ??? ??? ???????? ???? ????? ????
  • olderthanx: ?? ???????? ?? ????? ?? ?? ?????? ????? ?? ???????? ???? ????? ??? ???x, ????x????? ?? ?????? ?? ???????????? ???? ??? ??? ??? ???? ??? ?? ?? ??? ????? ?? ???????? ???? ?? ??? ?????? ???????? ???? ??, ?? ?? ????? ??? ?? ????
  • ??? ????: ????????? ???? ?? ?? ???? ????? ??????? ?? ???????? ???? ?? ??? ?? ???????? ?? ????? ????? ??? ???? ??? ??, ?? ?? ????? ??? ?? ???? ?? ????? ???? ?? ???, ??? ???? ???? ?????
  ?? ?????? ?? ???? ???? ?????? ??? ???? ????? ????? ????? ??? ??? ????????? ???
  
  
• -???????????? ????: Use this parameter to set the maximum log size to 512 KB and to specify that events older than seven days are overwritten. This parameter is the equivalent of clickingRestore Defaultsin the event log properties.
  
  ???:: The-restoreparameter takes precedence over the-setmaxsize, ??-setbehavior????????? ?? ?? ????? ????-restoreparameter, any-setmaxsize, ??-setbehaviorparameters that are in the command are ignored.

?????

Theeventlog.pl -backupstatement uses the following syntax:?? ??? ????? ???????? ?? ????? ?? ???? ???eventlog.pl - ?????:

• eventlog[eventlog...] | *: ??? ?? ???? ????? ???? ??? ?? ????????? ???? ?? ??? ?? ???????? ?? ????? ????? ??? ?? ?? ?? ???? ????? ??? ??? ????? ???? ????? ???, ?? ????? ?? ???????? ??? ???? ??? ?? ??? ????? ??? ??? ????? ???? ????? ???, ?? ??????????? ???? (*) ?? ????? ????? ??? ????? ??? ??? ??? ?? ????? ??, ?? ??? ??? ?????? ????? ?? ??? ("")?
• -s????????: ??? ?? ???? ?????? ???????? ?? IP ??? ????????? ???? ?? ??? ?? ???????? ?? ????? ????? If you omit this parameter, the local computer is specified.
  • -udomain\user: Use this parameter to specify the user account with which to run Eventlog.pl. If you omit this parameter, Eventlog.pl uses the permissions of the currently logged-on user. If you use this parameter, you must also use the-pparameter to provide the user's password.
  • -p???????: Use this parameter to specify the password of the user account that is specified by the-u????????? The-pparameter is required when you use the-u?????????
    
    ???:: Both the-p, ??-uparameters are available only when you use the-s?????????
• -format evt|txt|csv: ????? ??? ?? ????? ????????? ?? ?? ?????? ????????? ???? ?? ??? ?? ???????? ?? ????? ????? ??? ?? ?? ???????? ?? ??? Eventlog.pl evt ?????? ?? ????? ???? ???
  
  ???:
  • ??? evt ???????? ??????? ???? ??? ?? ???? ?????? ??? ????? ???? ??? ?? ?? ????? ???
  • ?? evt ?????? ?? ????? ?? ?????? ????? ??? ?? ????? ???? ?? ???? ??? ?????? ??? ?????, txt ?? csv ?????? ?? ????? ????.?
• -?????????[-?????????]: ????? ?????? ?? ????? ???? ??? ?? ??? ?? ????? ??? ?? ????????? ?? ????????? ???? ?? ??? ?? ???????? ?? ????? ????:??????:\??\FileName. ??? ?? ?? ???????? ?? ??? Eventlog.pl ??? ??????? ????? ?????? ?? ????? ????:Logname.Format(for example, System.evt).
  
  If you use more than one file name, Eventlog.pl backs up one log to each file on the list in the order in which the file names appear. You must list the file names in the same order that you list the logs in the command. Extra file names are ignored.
  
  You can only use the-fileparameter if you specify log names in the command. This parameter is not valid when the file names contain wildcard characters (*).

???????

Theeventlog.pl -exportstatement uses the following syntax:?? ??? ????? ???????? ?? ????? ?? ???? ???eventlog.pl - ???????:

• eventlog[eventlog...] | *: ????? ??? ?? ?? ??????? ???? ????? ??? ?? ????????? ???? ?? ??? ?? ???????? ?? ????? ????? ??? ?? ?? ?? ???? ????? ??? ?? ??????? ???? ????? ???, ?? ????? ?? ???????? ??? ???? ??? ?? ??? ????? ??? ?? ??????? ???? ????? ???, ?? ??????????? ???? (*) ?? ????? ????? ??? ????? ??? ??? ??? ?? ????? ??, ?? ??? ??? ?????? ????? ?? ??? ("")?
• -s????????: ??? ?? ???? ?????? ???????? ?? IP ??? ????????? ???? ?? ??? ?? ???????? ?? ????? ????? ??? ?? ?? ???????? ?? ?? ?????, ??????? ???????? ????????? ???
  • -udomain\user: Use this parameter to specify the user account with which to run Eventlog.pl. If you omit this parameter, Eventlog.pl uses the permissions of the currently logged-on user. If you use this parameter, you must also use the-pparameter to provide the user's password.
  • -p???????: Use this parameter to specify the password of the user account that is specified by the-u????????? The-pparameter is required when you use the-u?????????
    
    ???:: Both the-p, ??-uparameters are available only when you use the-s?????????
• -format txt | csv: Use this parameter to specify the format of the exported file. ??? ?? ?? ???????? ?? ??? Eventlog.pl txt ?????? ?? ????? ???? ???
• -?????????[-?????????]: ????? ?????? ?? ????? ???? ?????? ????? ?? ??? ?? ????????? ???? ?? ??? ?? ???????? ?? ????? ????:??????:\??\FileName. ??? ?? ?? ???????? ?? ??? Eventlog.pl ??? ??????? ????? ?????? ?? ????? ????:Logname.Format(?????? ?? ???, application.txt)?
  
  ??? ?? ?? ?? ???? ???? ??? ?? ????? ????, Eventlog.pl ?? ??? ??? ??? ???? ??? ???? ?? ???????? ????? ?? ??? ????? ?? ??? ??? ??????? ???? ??? ?? ??? ???? ??? ???? ??? ???? ??? ????? ????? ?? ???? ???? ?????? ???????? ????? ?? ??? ?? ????? ???? ???? ???
  
  You can only use the-fileparameter if you specify log names in the command. This parameter is not valid when the file names contain wildcard characters (*).

??????

Theeventlog.pl -clearstatement uses the following syntax:You can use the following parameters witheventlog.pl -clear:

• eventlog[eventlog...]| *: Use this parameter to specify the event logs that you want to clear. If you want to clear two or more event logs, separate each log with a space. If you want to clear all event logs, use the wildcard character (*). ??? ????? ??? ??? ??? ?? ????? ??, ?? ??? ??? ?????? ????? ?? ??? ("")?
• -s????????: ??? ?? ???? ?????? ???????? ?? IP ??? ????????? ???? ?? ??? ?? ???????? ?? ????? ????? ??? ?? ?? ???????? ?? ?? ?????, ??????? ???????? ????????? ???
  • -udomain\user: ?? ??? Eventlog.pl ????? ?? ??? ?? ?? ?????????? ???? ?? ????????? ???? ?? ??? ?? ???????? ?? ????? ????? ??? ?? ?? ???????? ?? ??? Eventlog.pl ??????? ??? ???-?? ?????????? ?? ????????? ?? ????? ???? ??? ??? ?? ?? ???????? ?? ????? ???? ?? ?? ????? ????-p?????????? ?? ??????? ?????? ???? ?? ??? ???????? ???
  • -p???????: Use this parameter to specify the password of the user account that is specified by the-u????????? The-pparameter is required when you use the-u?????????
    
    ???:: Both the-p, ??-uparameters are available only when you use the-s?????????

??????

Theeventlog.pl -querystatement uses the following syntax:You can use the following parameters witheventlog.pl -query:

• eventlog[eventlog...]| *: Use this parameter to specify the event logs that you want to query. If you want to search two or more event logs, separate each log with a space. ??? ?? ??? ????? ??? ??? ??? ???? ????? ???, ?? ??????????? ???? (*) ?? ????? ????? ??? ????? ??? ??? ??? ?? ????? ??, ?? ??? ??? ?????? ????? ?? ??? ("")?
• -s????????: ??? ?? ???? ?????? ???????? ?? IP ??? ????????? ???? ?? ??? ?? ???????? ?? ????? ????? ??? ?? ?? ???????? ?? ?? ?????, ??????? ???????? ????????? ???
  • -udomain\user: ?? ??? Eventlog.pl ????? ?? ??? ?? ?? ?????????? ???? ?? ????????? ???? ?? ??? ?? ???????? ?? ????? ????? ??? ?? ?? ???????? ?? ??? Eventlog.pl ??????? ??? ???-?? ?????????? ?? ????????? ?? ????? ???? ??? ??? ?? ?? ???????? ?? ????? ???? ?? ?? ????? ????-p?????????? ?? ??????? ?????? ???? ?? ??? ???????? ???
  • -p???????: Use this parameter to specify the password of the user account that is specified by the-u????????? The-pparameter is required when you use the-u?????????
    
    ???:: Both the-p, ??-uparameters are available only when you use the-s?????????
• -format table|????|csv: Use this parameter to specify the output format. If you omit this parameter, Eventlog.pl uses the table format, by default.
• -v: Use this parameter to add the CreationDate, LastModified, LastAccessed, MaxLogSize, and LogBehavior fields to the display.

??????

• 2688 KB ???? ?? ??? ??????? ???????? ?? ?????? ??? ?? ?????? ???? ??? ????, ?? ????????? ???? ?? ?????? ????? ?? ????? ??? ?? ????? ???? ?? ???????? ?? ??? ???, ????? ?????? ???? ????, ?? ???? ??? ENTER ?????:
  eventlog.pl - ?????? - setmaxsize 2688 - setbehavior asneeded ????????? ????
• Corp ??? Server8 ???? ?? ?????? ???????? ?? ??? ????? ??? ?? ???? ??? ???????????? ???? ?? ??? ?????????? ???? ?? ????? ???? Eventlog.pl ?? ????? ?? ??? ?????? ???? ?? ??? ????? ???? 512 KB ?? ?? ????????? ???? ?? ????? ?? ??? ??? ???????? ???? ??? ??? ??? ?????, ?????? ????? ?????? ???? ????? ????????? ?? ???? ?? ??? ??? ?? ????, ?? ???? ??? ENTER ?????:
  eventlog.pl - ???????? * server8 -u corp\administrator -s -p???????-???????????? ????
• DNS ????? ??? ?? ??????? evt ?????? ?? ????? ??? (?????? Server.evt) ?? ????? ??????? ???????? ?? ????? ???, ????? ????????? ?? ????? ?????? ???? ????, ?? ???? ??? ENTER ?????:
  eventlog.pl - "?????? ?????" ?????
• ????? ?????? ??? ?? ??????? txt ?????? ?? ????? ??? (System.txt) ?? ????? ??????? ???????? ?? ??????? ????, ????? ????????? ?? ????? ?????? ???? ????, ?? ???? ??? ENTER ?????:
  eventlog.pl - ??????? ??????
• Server5 ??? ???? ???????? ?? ????????? ?? ?????? ??? ??? ?? ??? ????? ?? ???, ????? ????????? ?? ????? ?????? ???? ????, ?? ???? ??? ENTER ?????:
  eventlog.pl - ?????? -s server5 ?????? ?????????
• ???? ?????? ??? Server8 ??? ???? ???????? ?? ??? ????? ??? ?? ??? ????????? ????, ?? ?????? D:\Reports\Srv8logs.log ????? ?? ?????????????? ????, ????? ????????? ?? ????? ?????? ???? ????, ?? ???? ??? ENTER ?????:
  eventlog.pl - ?????? *-???? - v ???????? ???? > d:\reports\srv8logs.log

?????? ??????

?? ?????? ???? ??? Eventlog.pl ????? ?? ???, ???? ????? ?????? ????? ??????? ???? ??:?? ??????? ?? ?? ???? ?? ??? ???????? ???????? ???? ?? ??? ?????? ?? Windows 2000 ?????? ??? Supplement 1 ??? ????? Perl ????????? ????? ?? ???? Eventlog.pl ?? ?????, W2rk ?????? ?????? ??? ?????Perl ??????? ???????\site\lib ???????, ?? ??? ??? ???? ????? wmi.pm ??????

?? ??????? ?? ?????? ?? ??? ???????? ??? ?? ?????? ??? ?? Perl ????????? ????? ?? ??? ???????? ????:

1. ???? ?????? ??? W2rk ??? ?????Perl ??????? ???????\Site\Lib ????????
   
   ???:: ???????Perl ??????? ???????????????: \Perl ???????????????? ?? ??? ?? Windows ??????? ???
2. ??? 1 ??? ???? ?????? ???? ?? W2rk ??????? ?? ??? ??????? ?? ?????? Windows 2000 ?????? ??? ??????? ?? (????????, ????????? Files\Resource ???) ?? wmi.pm ????? ?? ????????? ??????

????? ?????? ??? ?? ????? ????????? ???? ?? ??? ????? ?????? ????????? ????? (Eventquery.pl) ?? ????? ???? ???? ?? ???? ??? ???????? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:????? ????? ??? ?? ????? ?? ??? ????? ?????? ?????? (Logevent.exe) ?? ????? ???? ???? ?? ???? ??? ???????? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:????? ?????? ??? ??? ???? ????? ?? ???? ???????? ???? ?? ???? ??? ???????? ??????? ?? ???, ????? ???? ???????? ?? ????? ?? ?????? ?? Microsoft ???????? ??? ?????::Windows 2000 ?????? ??? ?? ???? ??? ???? ??????? ?? ??? ????? Microsoft ??? ???? ?? ????::