Created
June 5, 2025 13:12
-
-
Save jonny-jhnson/1e869683694ed98660892763b386d438 to your computer and use it in GitHub Desktop.
Logman Examples
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Create Remote Trace Session | |
| logman -s Wakanda-Wrkstn create trace -n KernelAPICallTrace -p Microsoft-Windows-Kernel-Audit-API-Calls 0xFFFFFFFFFFFFFFFF 0xFF -o C:\KernelAPICallTrace.etl -ets | |
| logman -s Wakanda-Wrkstn create trace -n "Service\KernelAPICallTrace" -p Microsoft-Windows-Kernel-Audit-API-Calls 0xFFFFFFFFFFFFFFFF 0xFF -o C:\KernelAPICallTrace.etl -ets | |
| logman -s Wakanda-Wrkstn create trace -n "Autosession\KernelAPICallTrace" -p Microsoft-Windows-Kernel-Audit-API-Calls 0xFFFFFFFFFFFFFFFF 0xFF -o C:\KernelAPICallTrace.etl -ets | |
| // Query Remote Trace Sessions | |
| logman -s Wakanda-Wrkstn query -ets | |
| // Query Remote ETW Providers | |
| logman -s Wakanda-Wrkstn query providers | |
| // Stopping Remote Trace Sessions | |
| logman -s Wakanda-Wrkstn stop "Session\KernelAPICallTrace" -ets | |
| logman -s Wakanda-Wrkstn stop KernelAPICallTrace -ets |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment