logman: Logmanmanagesthe 'PerformanceLogsandAlerts' service for creating and managing Event Trace Session logs and Performance logs.

... The examples for the command "logman"
... "logman" Excerpt from Microsoft Windows Help
... Important information, tips for the "logman" command

The command: "logman" is on Windows 11, 10, .. available

The examples for the command "logman"

The `logman` command is used in Windows to create and manage performance monitoring and event tracking logs. Here are some examples of using this command: Example 1: Create a new performance monitoring log:

logman create counter -n "MyPerformance Log" -f bin -si 10 -v mmddhhmm -o "C:\Performance Logs\MyLog.blg" -cf "C:\Performance Logs\Config.xml"

This command creates a new performance monitoring log named MyPerformanceLog. The data is collected in binary format (`-f bin`) with an interval of 10 seconds (`-si 10`). The log is saved in the C:\Performance Logs directory as MyLog.blg and the configuration is loaded from the XML file Config.xml. Example 2: Start data collection in an event tracking log:

logman start "MyEventLog" -p "{0C0CCAAA-AB5D-4A4F-9F72-0E77D58447F3}" 0x5 0x6 -ets

This starts data collection into an existing event tracking log named MyEventLog. The `-p` parameters specify the GUID for the provider ID, and `0x5` and `0x6` are examples of event levels. The `-ets` switch starts data collection. Example 3: Stop log data collection:

logman stop "MyEventLog" -ets

This command stops collecting data into an event tracking log named MyEventLog. Example 4: View log files:

logman query

This command lists all current performance monitoring and event tracking logs. Example 5: Clear performance monitoring log:

logman delete "MyPerformance Log"

Here the performance monitoring log named “MyPerformance Log” is deleted. Note: Using `logman` often requires administrative privileges. Make sure you're running Command Prompt as an administrator if necessary and that you have the appropriate access rights. Also note that these are just basic examples and you should consult the `logman` documentation for advanced configurations.

"logman" Excerpt from Microsoft Windows Help

Microsoft Windows [Version 10.0.19045.3693]
(c) Copyright 1985-2023 Microsoft Corp.


Microsoft r Logman.exe (5.1.2600.2180)
c Microsoft Corporation. All rights reserved.




 _ _


logman VERB <collection_name> 

  create <counter|trace>        Create a new collection. 
  start                         Start an existing collection and set the 
                                begin time to manual. 
  stop                          Stop an existing collection and set the end 
                                time to manual. 
  delete                        Delete an existing collection. 
  query [collection_name|providers]  Query collection properties. If no 
                                collection_name is given all collections are 
                                listed. The keyword 'providers' will list all 
                                of the registered Event Trace providers. 
  update                        Update an existing collection properties. 

  <collection_name>             Name of the collection. 

  -?                            Displays context sensitive help. 
  -s <computer>                 Perform the command on specified remote 
  -config <filename>            Settings file containing command options. 
  -b <M/d/yyyy h:mm:ss[AM|PM]>  Begin the collection at specified time. 
  -e <M/d/yyyy h:mm:ss[AM|PM]>  End the collection at specified time. 
  -m <[start] [stop]>           Change to manual start or stop rather than a 
                                scheduled begin or end time. 
  -[-]r                         Repeat the collection daily at the specified 
                                begin and end times. 
  -o <path|dsn!log>             Path of the output log file or the DSN and 
                                log set name in a SQL database. 
  -f <bin|bincirc|csv|tsv|sql>  Specifies the log format for the collection. 
  -[-]a                         Append to an existing log file. 
  -[-]v [nnnnnn|mmddhhmm]       Attach file versioning information to the end 
                                of the log name. 
  -[-]rc <filename>             Run the command specified each time the log 
                                is closed. 
  -[-]max <value>               Maximum log file size in MB or number of 
                                records for SQL logs. 
  -[-]cnf [[[hh:]mm:]ss]        Create a new file when the specified time has 
                                elapsed or when the max size is exceeded. 
  -c <path [path ...]>          Performance counters to collect. 
  -cf <filename>                File listing performance counters to collect, 
                                one per line. 
  -si <[[hh:]mm:]ss>            Sample interval for performance counter 
  -ln <logger_name>             Logger name for Event Trace Sessions. 
  -[-]rt                        Run the Event Trace Session in real-time 
  -p <provider [flags [level]]> A single Event Trace provider to enable. 
  -pf <filename>                File listing multiple Event Trace providers 
                                to enable. 
  -[-]ul                        Run the Event Trace Session in user mode. 
  -bs <value>                   Event Trace Session buffer size in kb. 
  -ft <[[hh:]mm:]ss>            Event Trace Session flush timer. 
  -nb <min max>                 Number of Event Trace Session buffers. 
  -fd                           Flushes all the active buffers of an existing 
                                Event Trace Session to disk. 
  -[-]u [user [password]]       User to Run As. Entering a * for the password 
                                produces a prompt for the password. The 
                                password is not displayed when you type it at 
                                the password prompt. 
  -rf <[[hh:]mm:]ss>            Run the collection for specified period of 
  -y                            Answer yes to all questions without 
  -ets                          Send commands to Event Trace Sessions 
                                directly without saving or scheduling. 
  -mode <trace_mode [trace_mode ...]>   Event Trace Session logger mode. 

  Where [-] is listed, an extra - negates the option.
  For example --r turns off the -r option.

  logman create counter perf_log -c "\Processor(_Total)\% Processor Time"
  logman create trace trace_log -nb 16 256 -bs 64 -o c:\logfile 
  logman start perf_log 
  logman update perf_log -si 10 -f csv -v mmddhhmm
  logman update trace_log -p "Windows Kernel Trace" (disk,net) 

Important information, tips for the "logman" command

There are a few important considerations to keep in mind when working with the `logman` command: 1. Admin rights: Make sure you run Command Prompt as an administrator to have full access to performance monitoring and event tracking features.

Right click -> "Run as administrator"

2. Proper configuration: Review the parameters and options carefully to ensure that performance monitoring or event tracking is configured according to your needs. Incorrect configurations can lead to unexpected behavior. 3. Performance Monitoring Services: Make sure the required Performance Monitor and Event Tracking services are enabled and started. 4. Monitor resource consumption: Make sure that data collection does not result in significant resource consumption, especially if you select very high frequency or detailed data collection. 5. Monitor log file size: Pay attention to the size of the log files, especially if you save in binary format (`-f bin`). Large log files can take up disk space and impact performance. 6. Time Limit: When you start data collection, note the time for which data collection remains active. Some collections may run longer than necessary, which may result in undesirable resource consumption. 7. Stop data collection: Don't forget to stop data collection as needed to free up resources and stop creating log files. 8. Documentation: Maintain documentation of the configured performance monitoring and event tracking settings to easily understand the configuration. These considerations should help ensure smooth and effective use of `logman`. If you have specific needs or scenarios, a more detailed analysis may be required.

日本語 (Nihongo)
한국어 (Hangugeo)
汉语 (Hànyǔ)


... Windows 10 FAQ
... Windows 10 How To

Windows 10 How To

... Windows 11 How To
... Windows 10 FAQ

The command logman - Logmanmanagesthe 'PerformanceLogsandAlerts' service for creating and managing Event Trace Session logs and Performance logs.

HTTP: ... console/en/093.htm

Animierte GIF-Unterstützung im Vorschaufenster der Datei Explorer!

Aktivieren oder deaktivieren Sie das Auto Update in DesktopOK!

V-Ram die Qualität des Rams sowie der Virtual CPU testen!

Keep the Mouse Speed on all Windows OS!

Auto Hide the Mouse Cursor on MS Windows 11, 10, ... Desktop and Server OS!

Standby blockieren wenn der MS Windows 11, 10, .. PC aus dem Standby aufwacht!