BACK TO KB LIST

How To Export Windows Event Logs

KB ID:	1873
Product:	Veeam Backup & Replication
Version:	All
Published:	2014-04-21
Last Modified:	2024-07-15
Languages:	JP \| IT \| ES

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

Oops! Something went wrong.

Please, try again later.

Purpose

When submitting a support case for technical assistance, it is sometimes necessary to upload relevant Windows event logs in addition to the Veeam logs. Event logs exported using default settings can be missing important information. This article describes three different methods of exporting Windows event logs and which records tend to be most beneficial for certain types of support cases.

Automated Event Log Collection

A PowerShell script has been created by Veeam Support to simplify the collection of Guest OS diagnostic data (e.g., Veeam logs and Event Logs).

Details regarding this script can be found here: VeeamHUB > BR-Collect-GuestLogs

Solution

Below are the two methods a Veeam Support Engineer may request you gather event logs for them.
If they have specified a specific method, please use the requested method.

Export EVTX with Display Information (MetaData)
Export as CSV

Click here to see what logs should be collected for common issues.

Method 1: Export EVTX with Display Information (MetaData)

Note: To ensure that all events in an .evtx file can be read on other machines, the .evtx must be exported with the Display Information. Failure to include the Display Information may delay the investigation of the support case.

Open Event Viewer (eventvwr.msc).
Locate the log to be exported in the left-hand column.
Right-click the name of the log and select Save All Events As…
Include the log type and the server name in the file name.
For example, Application_HV01 would represent the Application event log from a server named HV01.
From the Save as type sector, select Event Files.
Include display information.
Be sure to include the LocaleMetaData folder when packaging logs for upload.

Store each machine's exported EVTX files and the LocaleMetaData folder in a single ZIP or 7z archive and attach them to the support case.

Method 2: Export as CSV

Open Event Viewer (eventvwr.msc).
Locate the log to be exported in the left-hand column.
Right-click the name of the log and select Save All Events As…
Include the log type and the server name in the file name.
For example, Application_HV01 would represent the Application event log from a server named HV01.
From Save as type selector, select CSV (Comma Separated).

Store each machine's exported CSV files in a single ZIP or 7z archive and attach them to the support case.

Issues Specific Event Logs

Veeam Support will request logs as needed. However, you can help expedite the case investigation by checking to see if the issue aligns with one of the categories below and uploading appropriate event logs during case creation.

For Hyper-V Snapshot (Shadow Copy) Failures

Export the following event logs from the standalone Hyper-V host or from all cluster nodes:
- Windows Logs > System
- Windows Logs > Application
- Applications and Services Logs > Microsoft > Windows > Hyper-V-VMMS > Admin
If Application-Aware Image Processing is enabled in the Backup or Replication job settings, test whether the failure occurs when that setting is disabled.
(Note: This step can be skipped for Hyper-V 2016 or newer, as this section was removed in Server 2016.)
If the problem occurs only when Application-Aware is enabled, export the Hyper-V-Integration log from the Hyper-V host managing the VM, then see Guest Processing Issues below.
- Applications and Services Logs > Microsoft > Windows > Hyper-V-Integration > Admin

For Guest Processing Issues

Common examples include failure to truncate Exchange or SQL transaction logs, “VSSControl” error codes, and unexpected behavior occurring with the VM guest OS during backup.
Export these logs from the affected VM guest OS:
- Windows Logs > System
- Windows Logs > Application
You will typically also want to collect the Veeam VSS logs from the VM – see KB1789.

For Problems with Backup Infrastructure Servers

In all scenarios below, export the following from the appropriate server. When in doubt, export from the Veeam Backup server:
- Windows Logs > System
- Windows Logs > Application
If the error message is:
- "task failed unexpectedly”, export events from the Veeam Backup server.
- referring to backup files on a Windows server, export events from the repository server.
- referring to backup files on a CIFS/SMB share, export events from the gateway server. If no gateway server was assigned in the repository settings, export event logs from the Veeam Backup Server and all proxies.
  - Be sure to include SMB Client Event:
    Applications and Services Logs > Microsoft > Windows > SMBClient > Connectivity

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

Product

Topic

Description

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Verify your email to continue your product download

We've sent a verification code to:

An email with a verification code was just sent to

Didn't receive the code? Click to resend in sec

Didn't receive the code? Click to resend

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.