DUMPEL.EXE Can Interpret Event Log Hex Data
Last reviewed: April 24, 1995
Article ID: Q129266
The information in this article applies to:
SUMMARY

When an event log entry refers to hex data for more information, try using Dump Event Log (included in the Windows NT 3.5 Resource Kit). In many cases, Dump Event Log (DUMPEL.EXE) will interpret the hex data and convert it to a more readable form. For example, running "DUMPEL -l system -m dhcpserver -s myserver" (without the quotation marks) displays:
4/11/95 4:58:39 AM 1 0 1016 N/A DhcpServer REDIPSRVP2 %%20013

The %%20013 value is the hex data interpreted by DUMPEL.EXE. The 1016 error above referred to hex data 0x2d4e. Swapping the bytes (0x4e2d) and converting to decimal yields 20013, as above.
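The byte swap described above can be checked against DUMPEL output with a short script. This is an added example, not part of the original article or the Resource Kit; the field names are labels inferred from the sample line, the parser assumes the space-separated form with an AM/PM time, and the offset-prefixed byte row is a constructed input.

```python
import re

# Field names are labels chosen for this example, inferred from the sample line
# in the article; DUMPEL itself prints no header row.
FIELDS = ("date", "time", "ampm", "type", "category", "event_id",
          "user", "source", "computer", "strings")

def parse_dumpel_line(line):
    """Split one space-separated DUMPEL record; trailing text stays in 'strings'."""
    parts = line.split(None, len(FIELDS) - 1)
    if len(parts) < len(FIELDS) - 1:
        raise ValueError("not a DUMPEL record: %r" % line)
    parts += [""] * (len(FIELDS) - len(parts))  # record with no strings
    rec = dict(zip(FIELDS, parts))
    rec["event_id"] = int(rec["event_id"])
    return rec

def decode_hex_data(text):
    """Interpret event data bytes as a little-endian integer (the 'byte swap').

    Accepts '0x2d4e', '2d 4e', or an offset-prefixed row '0000: 2d 4e 00 00'.
    """
    text = re.sub(r"^\s*[0-9a-fA-F]{4}:", "", text.strip())  # drop row offset
    text = re.sub(r"^0[xX]", "", text.strip())               # drop 0x prefix
    digits = re.sub(r"\s+", "", text)
    if not digits or len(digits) % 2 or re.search(r"[^0-9a-fA-F]", digits):
        raise ValueError("not whole hex bytes: %r" % text)
    return int.from_bytes(bytes.fromhex(digits), "little")

def message_codes(rec):
    """Return the numeric %%N codes DUMPEL placed in the record's strings."""
    return [int(n) for n in re.findall(r"%%(\d+)", rec["strings"])]

def data_matches(rec, hex_data):
    """True if the hex data from the event decodes to a %%N code in the record."""
    return decode_hex_data(hex_data) in message_codes(rec)

# Sample record copied from the article; the byte row below is constructed.
SAMPLE = "4/11/95 4:58:39 AM 1 0 1016 N/A DhcpServer REDIPSRVP2 %%20013"

if __name__ == "__main__":
    rec = parse_dumpel_line(SAMPLE)
    print(rec["event_id"], rec["source"], message_codes(rec))
    print(decode_hex_data("0x2d4e"), data_matches(rec, "0000: 2d 4e 00 00"))
```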
MORE INFORMATION

Dump Event Log is a command-line utility that can be used to dump an event log for a local or remote system into a tab-separated text file. This utility can also be used to filter for certain event types and to filter out certain event types. To use Dump Event Log, type dumpel with the appropriate switches at the command prompt:
dumpel [-s server] [-f file] [-l log [-m source]] [-e n1 n2 n3...] [-r] [-t]

-s server
   Specifies the server that contains the event log you want to dump. Leading backslashes on the server name are optional.

-f file
   Specifies the filename for the output file. The default is STDOUT.

-l log
   Specifies which log (system, application, security) to dump. If an invalid logname is specified, the application log is dumped.

-m source
   Specifies in which source (such as Rdr, Serial, ...) to dump records. Only one source can be supplied. If this switch is not used, all events are dumped. If a source is used that is not registered in the Registry, the application log will be searched for records of this type.

-e n1 n2 n3 ...
   Filters for event ID nn (up to 10 can be specified). If the -r switch is not used, only records of these types are dumped; if -r is used, all records except records of these types are dumped. If this switch is not used, all events from the specified sourcename are selected. You cannot use this switch without the -m switch.

-r
   Specifies whether to filter for specific sources or records, or to filter them out.

-t
   If this is specified, individual strings are separated by tabs. If not, they are separated by spaces.
KBCategory: kbtshoot
© 1998 Microsoft Corporation. All rights reserved.