1-800-691-1991 | 9am - 8pm ET
EN

How-To Export Windows Event Logs

KB ID: 1873
Product: Veeam Backup & Replication
Version: All
Published: 2014-04-21
Last Modified: 2021-07-12
Languages: IT | ES

Purpose

When submitting a support case for technical assistance, it is sometimes necessary to upload relevant Windows event logs in addition to the Veeam logs. Event logs exported using default settings can be missing important information. This article describes three different methods of exporting Windows event logs and which logs tend to be most useful for certain types of support cases. 

Solution

Below are the three common methods a Veeam Support Engineer may request you gather event logs for them. If they have specified a specific method, please use the requested method.

  1. Export EVTX with Display Information (MetaData)
  2. Export as CSV
  3. Collect entire log folder from Windows.

Click here to see what logs should be collected for common issues.

Method 1: Export EVTX with Display Information (MetaData)

An .evtx file alone does not contain the text of most events, so uploading an .evtx file without the associated Display Information can delay resolution of your support case. Even with the display information, an .evtx contains only the UTC time of the events and not the source time zone (Event viewer adjusts the displayed time to your local time zone).

Steps to Export .evtx with Display Information

  1. Open Event Viewer (eventvwr.msc).
  2. Locate the log to be exported in the left-hand column.
  3. Right-click the name of the log and select Save All Events As…
  4. Enter a file name that includes the log type and the server it was exported from.
    For example, when exporting the Application event log from server named HV01, enter Application_HV01.
  5. In Save as type , select Event Files .
  6. Include display information.


    User-added image

  7. Be sure to include the LocaleMetaData folder when packaging logs for upload.

    User-added image


Please package all files into a single .zip archive. For information on uploading files to Support, see: How to attach files to a support case

To export and then archive an event log from the command line, see: Archive an Event Log

Method 2: Export as CSV

  1. Open Event Viewer (eventvwr.msc).
  2. Locate the log to be exported in the left-hand column.
  3. Right-click the name of the log and select Save All Events As…
  4. Enter a file name that includes the log type and the server it was exported from.

    For example, when exporting the Application event log from server named HV01, enter Application_HV01.

  5. In Save as type , select CSV (Comma Separated) .

    User-added image



Please package all files into a single .zip archive. For information on uploading files to Support, see: How to attach files to a support case

To export and then archive an event log from the command line, see: Archive an Event Log

Method 3: Collect entire log folder from Windows.

  1. Navigate to C:\Windows\System32\winevt\Logs
  2. Archive (ZIP\7z\RAR) the entire contents of the Logs folder.

Please package all files into a single .zip archive. For information on uploading files to Support, see: How to attach files to a support case

To export and then archive an event log from the command line, see: Archive an Event Log

Which Logs to Export

Veeam Support will request logs as needed, but you can speed up resolution of a new case by checking to see if it falls into one of the categories below and uploading appropriate event logs during case creation.

For Hyper-V Snapshot (Shadow Copy) Failures
  • Export the following event logs from the standalone Hyper-V host or from all cluster nodes:
    • Windows Logs > System
    • Windows Logs > Application
    • Applications and Services Logs>Microsoft>Hyper-V-VMMS>Admin
      User-added image
  • If Application-Aware Image Processing is enabled in the Backup or Replication job settings, test whether the failure occurs with that setting disabled.
  • If the problem occurs only when Application-Aware is enabled, export the Hyper-V-Integration log from the Hyper-V host managing the VM, then see Guest Processing Issues below.
    Note: For Hyper-V 2016 or newer this step can be skipped, as this section was removed in Server 2016.
    • Applications and Services Logs>Microsoft>Hyper-V-Integration>Admin
      User-added image
For Guest Processing Issues
  • Common examples include failure to truncate Exchange or SQL transaction logs, “VSSControl” error codes, and unexpected behavior occurring with the VM guest OS during backup.
  • Export these logs from the affected VM guest OS:
    • Windows Logs > System
    • Windows Logs > Application
  • You will typically also want to collect the Veeam VSS logs from the VM – see KB1789.
For Problems with Backup Infrastructure Servers
  • In all scenarios below, export the following from the appropriate server. When in doubt, export from the Veeam Backup server:
    • Windows Logs > System
    • Windows Logs > Application
  • If the error message is:
    • "task failed unexpectedly” - Export events from the Veeam Backup server.
    • referring to backup files on a Windows server - Export events from the repository server.
    • referring to backup files on a CIFS/SMB share - Export events from the gateway server, or from the Veeam Backup server and all proxies if no gateway was specified in the repository settings.
KB ID: 1873
Product: Veeam Backup & Replication
Version: All
Published: 2014-04-21
Last Modified: 2021-07-12
Languages: IT | ES

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.
Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Policy.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you for your interest in Veeam products!
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.