Analyzing SMS/ConfigMgr log files the easy way!

How do you parse log files today?

Do you routinely troubleshoot issues with SMS clients?  Issues such as WMI not functioning, CCMEXEC not running, Bits issues, etc. The place I always start my troubleshooting is with the client log files (C:\Windows\System32\ccm\logs) as they contain a wealth of information and usually quickly lead you down the road to problem resolution.

In the past I've used simple scripts to parse the log files and that has worked fairly well, I've also fallen victim to manually opening log files one by one (by relevance to the problem I am working on) and looking/searching for keywords like 'failed' or 'error' or searching for a particular PackageID and it's associated entries.  Although this works fine, it is very time consuming and tedious.

An easier way to get the same results:

Recently I've begun using a tool called Log Parser to quickly parse through SMS client log files on both local and remote locations.  The beauty of using log parser is in it's simplicity, it provides query based access to numerous types of data.  For this scenario the data we care about is in the SMS client log files, which it handles with ease.

Parsing SMS client log files on a remote machine and getting results in a datagrid:

1. Open a command prompt and go the the log parser directory (C:\program files\Log Parser 2.2)

2. In the below example I am going to parse all the sms client log files on a remote system (LabExchange2003) and return every instance of the word 'failed' to an easy to navigate datagrid.

a: logparser -o:datagrid -i:TEXTLINE "select * from \\labexchange2003\c$\windows\system32\ccm\logs\*.log where text like '%failed%'"

image

Notice the results datagrid that is produced, you see the log file name where the match was found and the text. Initially the datagrid shows the first 10 rows, you then have the option to show the next 10 or show all.

image

Visual Log Parser:

Another option for utilizing log parser is to use Visual Log Parser from SerialCoder.net. This is a front-end to Log Parser that makes searching log files even more user friendly.

Here is a screenshot of the UI and a sample query:

image

Conclusion:

Log Parser is a very powerful tool, and while this article just touches the surface on it's capabilities I hope it serves as a good primer to help you become familiar with the tool and save you some time.

Future Resources:

Stay tuned to this blog for scripts/ideas around using log parser to assist with troubleshooting sms client & server issues.

Additional Resources:

Visual Log Parser on Codeplex

Great Technet article on using Log Parser

What if everything could be queried with SQL?

Scripting with Log Parser

Another Great Article on Using Log Parser to read log files and using its COM object

Paul Thomsen wrote a great series on analyzing SMS log files using vbscript

Comments