Working with Event Ranges in Readlog (Windows Embedded CE 6.0)

  • Article

1/5/2010

Frequently, when you view a CeLog event-tracking log with Readlog or Kernel Tracker, you will find that you want to focus on a small range of events in the log. To further examine the range of interest, you might want an event summary for the range, or want a new log file that contains only that range.

For information about using Kernel Tracker to work with a range of events, see Finding A Range of Events with Remote Kernel Tracker.

To create a log that contains only a particular range of events, first create event IDs, and then create a new log that contains only the event IDs that you are interested in.

To use Readlog to assign IDs to events

  1. At a command prompt, type

    Readlog –ids <MyLog>.clg <MyLog_IDS>.txt

    This outputs a text file with an ID assigned to each event.

  2. From a text editor such as Notepad or Wordpad, open <MyLog_IDS>.txt.

    If the output file is very large, you may want to use a text editor that processes large files faster.

  3. In the text file, find the IDs for the events at the beginning and end of the range that you are interested in.

    The IDs from these events specify the range of events for the new Readlog output.

    For example, you might be interested in the range of time that began with the creation of MyProgram.exe, and ended when MyProgram.exe exited. In this case, find the process creation event for MyProgram.exe, and the process termination event for MyProgram.exe. The IDs of these events define the range.

  4. To generate an output file with only the events from the range of interest, use the –range parameter alone. At a command prompt, type

    Readlog -range <beginID> <endID> celog.clg MyOutput.txt

    This creates an output text file that records the events that occured between beginID and endID.

    Once you have noted the event IDs of the beginning event and the ending event that define the range of interest, you can also use Readlog to create alternative outputs that focus on a range of events.

  5. To generate an output file with the events from the range of interest together with a summary of those events, see Creating A Summary Of A Portion Of The Log.

  6. To create a new binary log file with only the events from the range of interest, see Creating a New Binary Log File with Events in a Range.

See Also

Reference

Readlog Command-Line Options

Other Resources

Readlog Viewing Tool