create {counter | trace}
Creates a new counter or trace collection. The kind of entry you create determines its location in the Performance console. A counter appears within the Counter Logs folder, while a trace appears within the Trace Logs folder.
start
Starts an existing collection. This action sets the begin time to manual.
stop
Stops an existing collection. This action sets the end time to manual.
delete
Deletes an existing collection. None of the collection information remains; you can't undo this action.
query {collection_name | providers}
Queries a collection or provider. Typing query by itself displays a list of collections that includes the collection name, the collection type (counter or trace), and the collection status. When you supply a collection name, the display includes the name, type, status, start mode (normally manual), stop mode (normally manual), output filename, the run as information (username), and the counters monitored by the collection (such as \Process(_Total)\% Processor Time). If you use the providers keyword, you'll see a list of registered providers and their associated GUIDs.
update
Updates the properties of an existing collection. You specify the existing collection name, along with the new properties that you want to use. Whenever an existing property conflicts with a new property, the new property overrides the existing property value.
collection_name
Defines the name of the collection to use. The collection name is the name that you assign to the counter or trace when you create it. This is the same name that appears in the Performance console.
-s computer
Performs the task on a remote system. The default setting uses the local system.
-config filename
Provides a file containing a list of settings to use in place of command line options. Using this feature lets you repeat setups with greater ease. In addition, creating the sometimes complex command line setups this utility requires is difficult. Using a configuration file reduces the work you'll need to perform at the command line.
-b M/d/yyyy h:mm:ss[{ AM | PM }]
Defines the starting time for the collection. Collection continues until the specified ending time (see the -e command line switch) or until you manually end the collection process using the stop verb. The default setting uses the current day and time. You can input times using a 24-hour clock. When specifying a time based on a 12-hour clock, add the AM or PM option.
-e M/d/yyyy h:mm:ss[{ AM | PM }]
Defines the ending time for the collection. The default setting uses the current day and time. You can input times using a 24-hour clock. When specifying a time based on a 12-hour clock, add the AM or PM option.
-m [start] [stop]
Modifies the collection to use a manual start or stop, rather than relying on a scheduled beginning or ending time.
-[-]r
Repeats the collection daily at the specified begin and end time when used with a single dash. Using a double dash removes the daily collection feature. This command is only valid for begin and end times specified on the same day, month, and year.
-o { Filename | DSN!Log }
Specifies the output information for the collection. You can use an output file by specifying a path and filename. As an alternative, you can specify a SQL database (for any vendor that supports SQL) by including the Open Database Connectivity (ODBC) DSN and the log set name within the SQL database. The default setting is to use a file with the same name as the performance collection and a BLG extension for counters or an ETL extension for traces.
-f { Bin | Bincirc | CSV | TSV | SQL }
Defines the log format for the output. You can choose between binary, circular binary, CSV, Tab Separated Value (TSV), and Structured Query Language (SQL).
-[-]a
Appends data to the existing log file when used with a single dash. Overwrites the existing log file when used with a double dash. The default setting is to overwrite the existing log file.
-[-]v [ nnnnnn | mmddhhmm ]
Attaches versioning information (either a number or the current date) to the end of the log filename when used with a single dash. Removes the versioning information when used with a double dash.
-[-]rc Filename
Runs a command after the system closes the log when used with a single dash. Disables running a command when used with a double dash. The commands always run in the foreground (so the user can see them).
-[-]max Size
Defines the maximum log file size in megabytes when used with a single dash. When the log file exceeds the maximum size, the system stops collecting data even if other command line arguments specify a longer collection time. This command line switch specifies the number of records when used with a SQL output. Removes the log file size restriction when used with a double dash.
-[-]cnf [[[hh:]mm:]ss]
Creates a new file when the specified time elapses or the file reaches the maximum file size when used with a single dash. Removes the collection time restriction when used with a double dash.
-c CounterPath [CounterPath...]
Specifies one or more performance counters to collect. Each performance counter has a path that begins with the counter object, specific counter, and finally the instance. Consequently, the \Process(_Total)\% Processor Time counter path would collect the _Total instance of the % Processor Time counter found in the Processor object. Make sure you place each counter path in double quotes. The counter path can include wildcard characters. Here's a list of acceptable counter path formats.
\\machine\object(parent/instance#index)\counter
\\machine\object(parent/instance)\counter
\\machine\object(instance#index)\counter
\\machine\object(instance)\counter
\\machine\object\counter
\object(parent/instance#index)\counter
\object(parent/instance)\counter
\object(instance#index)\counter
\object(instance)\counter
\object\counter
-cf Filename
Specifies a file containing a list of performance counters to collect. Each counter path must appear on a separate line.
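The following Python check is an added example, not part of the original text: it reviews the content of a counter file meant for -cf, accepting only lines that fit the counter path formats listed above and flagging any \\machine prefix that is not on an allow-list. The function names, the allowed_machines parameter, and the sample paths are assumptions made for the illustration, and instance names are assumed not to contain parentheses, "/" or "#".

```python
import re

# Grammar taken from the ten formats listed above:
#   [\\machine]\object[([parent/]instance[#index])]\counter
# Assumption: parent and instance names contain no "(", ")", "/" or "#".
COUNTER_PATH = re.compile(r"""^
    (?:\\\\(?P<machine>[^\\]+))?      # optional \\machine prefix
    \\(?P<object>[^\\()]+)            # \object
    (?:\(
        (?:(?P<parent>[^/()#]+)/)?    # optional parent/
        (?P<instance>[^/()#]+)        # instance, "*" allowed as a wildcard
        (?:\#(?P<index>\d+))?         # optional #index
    \))?
    \\(?P<counter>[^\\]+)$            # \counter
    """, re.VERBOSE)


def parse_counter_path(line):
    """Return the path components as a dict, or None if no listed format fits."""
    match = COUNTER_PATH.match(line.strip().strip('"'))
    return match.groupdict() if match else None


def review_counter_file(text, allowed_machines=()):
    """Split counter file content into accepted paths and findings to review."""
    allowed = {name.lower() for name in allowed_machines}
    accepted, findings = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        parts = parse_counter_path(line)
        if parts is None:
            findings.append((number, "not a valid counter path"))
        elif parts["machine"] and parts["machine"].lower() not in allowed:
            findings.append((number, "unexpected remote machine " + parts["machine"]))
        else:
            accepted.append(parts)
    return accepted, findings


# Constructed sample counter file content (hypothetical host names).
SAMPLE = "\n".join([
    r"\Process(_Total)\% Processor Time",
    r"\\SRV01\Memory\Available MBytes",
    r"\\UNKNOWN-HOST\Processor(*)\% Processor Time",
    r"\Thread(svchost/0#1)\Context Switches/sec",
    r"Process(_Total)\% Processor Time",  # missing leading backslash
])

if __name__ == "__main__":
    print(review_counter_file(SAMPLE, allowed_machines=["SRV01"]))
```
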
-si [[hh:]mm:]ss
Defines the sample interval (how often the system samples the counter) for the collection.
-ln logger_name
Specifies the logger name for event trace sessions. The default logger name is the same as the collection name.
-[-]rt
Runs the event trace session in real-time mode instead of a file when used with a single dash. Runs the event trace session using a log file when used with a double dash.
-p provider [flags [level]]
Defines a single provider to use as a source of data. The system providers usually include the Windows Kernel Trace and ACPI Driver Trace Provider. Installed providers commonly include ASP.NET Events, MSSQLSERVER Trace, and .NET Common Language Runtime. You can also specify nonsystem providers. Use the LogMan Query Providers option to obtain a list of providers for the current system.
-pf Filename
Specifies a file containing a list of providers to use as part of an event trace. Each provider must appear on a separate line.
-[-]ul
Runs the event trace session in user mode when used with a single dash. The system can only report on a single provider when running in user mode. Runs the event trace session in kernel mode when used with a double dash.
-bs Value
Specifies the event trace session buffer size in kilobytes.
-ft [[hh:]mm:]ss
Defines the interval for flushing the event trace session buffer from memory to disk.
-nb Minimum Maximum
Defines the minimum and maximum number of event trace session buffers.
-fd
Flushes all of the active buffers for an existing event trace session to disk.
-[-]u [user [password]]
Defines a user account and password to use when running the collection. Using * as the password input causes the LogMan utility to prompt you for the password. Entering the password at a prompt means that other people won't see it at the command line or within a batch file.
-rf [[hh:]mm:]ss
Runs the collection for the specified time.
-y
Answers yes to all questions without prompting. This feature lets you set up counters and traces within a batch file without worrying about interruptions.
-ets
Sends commands to event trace sessions without saving or scheduling.
-mode trace_mode [trace_mode ...]
Specifies advanced event session logger mode values, which can include globalsequence, localsequence, or pagedmemory. The globalsequence option forces the event trace logger to add a sequence number to every event it logs even if the entries are in different logs. The localsequence option adds sequence numbers to every event logged to a specific event trace. The sequence number might appear in another log, but all sequence numbers within a specific log are unique. The pagedmemory option forces the event logger to use paged memory, rather than non-paged memory, for its internal buffer allocations. Although using paged memory can slow event logger performance, it can also enhance system performance as a whole.