How to Collect Logs for Veeam Agent for Microsoft Windows
Purpose
This article explains how to collect the logs required for a Veeam Agent for Microsoft Windows support case.
Solution
Quick Start Automated Veeam Agent for Microsoft Windows Log Collection
For Windows machines with an internet connection, open an Administrative PowerShell console on the Windows machine where Veeam Agent for Microsoft Windows is installed and run these two lines to automatically download the log collection script to %temp% and execute it.
When the script completes, answer "Yes" to have the script open the folder where the logs were written, then attach the log bundle to the case.
Invoke-WebRequest https://raw.githubusercontent.com/VeeamHub/powershell/master/VAW-CollectKB2404Logs/CollectKB2404Logs.ps1 -o $Env:Temp\CollectKB2404Logs.ps1
PowerShell.exe -ExecutionPolicy ByPass -File $env:temp\CollectKB2404Logs.ps1Automated Collection Guide
For Windows machines without an internet connection, or if you prefer to manual deploy the script, follow these steps:
- Download the Veeam Agent for Microsoft Windows Log Collection Script from the VeeamHUB GitHub page:
https://github.com/VeeamHub/powershell/tree/master/VAW-CollectKB2404Logs - Save the CollectKB2404Logs.ps1 file to location on the machine where Veeam Agent for Microsoft Windows is installed.
For example, C:\temp\ - Open an Elevated Command Prompt or PowerShell window and run the command:
PowerShell.exe -ExecutionPolicy ByPass -File <Path to the script>- The script collects data automatically. No system changes are made.
- Once the script is complete a message about the successful execution will appear.
Truncated screenshot demonstrating execution and completion prompt to open log bundle location.
- Attach the generated log bundle from the folder shown in the PowerShell output to the support case.
If the script fails to collect the logs, collect the information manually, as outlined below.
More Information
How to Collect Logs Manually
The following steps must be completed on the computer where Veeam Agent for Microsoft Windows is installed.
Part 1: Collect Veeam Agent Logs
- Navigate to the following folder:
C:\Programdata\Veeam\Endpoint
(The programdata folder is hidden by default. Copy and paste the provided path). - Archive the content of this folder.
Part 2: Collect VSS Diagnostics
- Run the following commands using the administrative command prompt:
- vssadmin list writers > C:\vss_writers.log
- vssadmin list providers > C:\vss_providers.log
- vssadmin list shadows > C:\vss_shadows.log
- vssadmin list shadowstorage > C:\vss_shadow_storage.log
- Archive the resulting files.
Part 3: Collect Event Logs
- Run the Event Viewer (eventvwr.msc).
- In the left menu, find the Application logs.
- Right-click the Application logs and select Save All Events As.
- Enter the file name that includes the log type and the computer name the logs were exported from (for example, when exporting Application logs from a computer named HV01, enter Application_HV01).
- In Save as type, select Event Files (*.evtx).
- Include the display information.
- Repeat steps 3—6 for the System logs.
- Archive the logs. Include the LocaleMetaData folder in the archive as well.
Step 4: Collect File System Minifilter Diagnostics
- Run the fltmc instances > C:\filter.log command using the administrative command prompt.
Step 5: Collect Hardware VSS Provider logs
[Only needed for backup jobs which use Storage Snapshots functionality]
- Navigate to the following folder:
C:\Programdata\Veeam\Backup
(the programdata folder is hidden by default. Copy and paste the provided path). - Archive the content of this folder.
For information about attaching files to a support case, please review: https://www.veeam.com/kb4162
Data Collected by Automated Log Collection Script
- Veeam Agent for Microsoft Windows log files located in C:\ProgramData\Veeam\Endpoint
- Veeam Installer Service logs from %programdata%\Veeam\Backup
- VSS hardware provider logs from %programdata%\Veeam\Backup
- Information provided by the systeminfo command
- Information provided by the vssadmin command
- Information provided by the fltmc command
- Windows Application, System, Security and Veeam Agent events
- The HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Endpoint Backup registry key.
- Computer UUID
- Veeam Agent certificate (for Agent Management)
- Get-ChildItem Cert:\LocalMachine\My\ | where{$_.FriendlyName -eq 'Veeam Agent Certificate'} |Format-List -Property Issuer, Subject, SerialNumber, Thumbprint, NotAfter
- System information
- Boot configuration
- bcdedit /v
- Boot configuration
- Mounted volumes
- mountvol /l
- Drivers
- Get-WmiObject Win32_PnPSignedDriver| select devicename,drivername,infname,driverversion
- Hardware information
- wmic csproduct
- .NET Framework setup
- Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"
- Applied group policy settings
- gpresult /z
- Environment variables:
- Get-ItemProperty -Path "HKLM:SYSTEM\CurrentControlSet\Control\Session Manager\Environment"
- Get-ItemProperty -Path "HKCU:\Environment"
- Uptime
- Get-CimInstance -ClassName Win32_OperatingSystem | Select LastBootUpTime
- Installed updates
- get-wmiobject -class win32_quickfixengineering
- Windows Firewall settings
- Get-NetFirewallProfile | Format-List
- TLS Settings
- reg export "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL"
- Installed software
- Get-WmiObject Win32_Product | Sort-Object Name | Format-Table IdentifyingNumber, Name, InstallDate -AutoSize
- Windows services status
- gwmi win32_service | select displayname, name, startname,startmode,state
- Windows events
- Microsoft-Windows-SMBClient/Connectivity, Microsoft-Windows-SMBClient/Operational
- Windows cluster events
- Network configuration settings:
- Get-NetAdapterBinding | Where-Object { $_.DisplayName -match "File and Printer Sharing" } | Format-Table -AutoSize
- Network configuration:
- ipconfig /all
- netstat -bona
- route print
Related Articles
- How to Collect Logs for Veeam Backup & Replication
- How to Collect Logs for Veeam Backup Enterprise Manager
- How to Locate and Collect VSS/VIX Log Files From Guest OS
- Granular Log Collection Guide for SOBR Capacity/Archive Tier Issues
- How to Collect Logs for Veeam ONE
- How to Collect Logs for Veeam Management Pack for Microsoft System Center
- How to Collect Logs for Veeam Agent for Microsoft Windows
- How to Collect Logs for Veeam Plug-in for Microsoft SQL Server
- How to Collect Logs for Veeam Plug-in for SAP HANA
- How to Collect Logs for Veeam Plug-in for Oracle RMAN
- Veeam Cloud Connect - Compiling Provider/Tenant Logs for Support Cases
- Veeam Service Provider Console – Compile and Upload Server Logs
For more information on how we process the collected data, please visit: vee.am/processing_of_personal_data
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.