Readlog Tool

Readlog (Readlog.exe) is a command-line tool that performs a conversion of the kernel tracker output, generated in CELog (.clg) format, into text (.txt) format.

readlog [options] Infile Outfile

Parameters

  • -v
    Prints verbose information.
  • -s
    Print summary of logged events.
  • -d
    Prints timestamps as the length of time elapsed since the last event, rather than absolute times.
  • -u
    Prints Unicode output.
  • -e
    Prints timestamps as comma delimited number of microseconds, which are readable in Excel.
  • -sync
    Generates output as a new log file with a sync header at the top instead of a text file. This option cannot be used with any of the other options.
  • -f <parameter>
    Filters out selected events, which are specified using additional parameters. The default setting is no filtering.
  • InFile
    Specifies the name of the CELog (.clg) file to read.
  • OutFile
    Specifies the name of the text file to generate, if the "-sync" option is not used. If the "-sync" option is used, this specifies the name of the new log file.

The following table shows case-sensitive parameters that specify which events Readlog removes if the parameter -f is used.

Parameter Description
T Removes thread, reschedule, migrate, and priority-invert events.
P Removes process events.
I Removes interrupt events.
K Removes KCALL entry and exit events.
M Removes memtrack events such as heap allocations, reallocations, and frees.
C Removes critical section events.
S Removes synchronization objects such as semaphores, mutexes, and events.
X Removes all system events. This has the same effect as using the TPIKMCS flags in a command.

Examples

The following code example shows a Readlog conversion of Celog.clg data into text without any filters enabled.

readlog celog.clg output.txt

The following code example shows a Readlog conversion of Celog.clg data into text with the -sync option enabled.

readlog -sync celog.clg new.clg
readlog new.clg output.txt

The following code example shows a Readlog conversion of Celog.clg data into text with filters enabled. These filter settings remove KCALL, memtrack, critical section, and synchronization events from the converted data, and then write it to Output.txt.

readlog -f KMCS celog.clg output.txt

Remarks

The "-sync" parameter is most useful for producing log files that are readable to the Remote Kernel Tracker tool. This tool will not display any data preceding the first sync header in the log.

The CeLogReSync API produces a sync header, which is a listing of all processes, threads, and modules that are currently present in the system. The log file may lack a sync header at the top if the log file is deleted or renamed while data is being collected. If the file is deleted, it will be recreated and a sync header will eventually be added to the log, but the header will not be at the beginning of the file.

You can also create custom filter parameters by setting values in the registry under HKEY_CURRENT_USER\SOFTWARE\Microsoft\CeLog Reader\Filters, using the following format. The "FilterKey" must be a single character, and is case-sensitive.

"FilterKey"="hexID1,hexID2,hexID3,..."

The following code example shows a custom filter that can be used with the "-f c" parameters to remove events with IDs 1, 2, 11, and 12, which correspond to critical section events.

"c"="1,2,b,c"

See Also

Remote Kernel Tracker | Event Tracking

 Last updated on Friday, October 08, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.