How-To Export Windows Event Logs

KB ID: 1873
Product: Veeam Backup & Replication
Version: All
Published: 2014-04-21
Last Modified: 2022-09-28
Languages: IT | ES
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Purpose

When submitting a support case for technical assistance, it is sometimes necessary to upload relevant Windows event logs in addition to the Veeam logs. Event logs exported using default settings can be missing important information. This article describes three different methods of exporting Windows event logs and which records tend to be most beneficial for certain types of support cases. 
Automated Event Log Collection

A PowerShell script has been created by Veeam Support to simplify the collection of Guest OS diagnostic data (e.g., Veeam logs and Event Logs).

Details regarding this script can be found here: VeeamHUB > BR-Collect-GuestLogs

Solution

Below are the three common methods a Veeam Support Engineer may request you gather event logs for them.
If they have specified a specific method, please use the requested method.

  1. Export EVTX with Display Information (MetaData)
  2. Export as CSV
  3. Collect entire log folder from Windows.

 

Click here to see what logs should be collected for common issues.

Method 1: Export EVTX with Display Information (MetaData)

Note: An .evtx file must be exported with the Display Information so that events from sources can be read on other machines. Failure to include the Display Information may delay the investigation of the support case.

Export .evtx with Display Information:
  1. Open Event Viewer (eventvwr.msc).
  2. Locate the log to be exported in the left-hand column.
  3. Right-click the name of the log and select Save All Events As…
  4. Include in the file name the log type and the server name.
    For example, Application_HV01 would represent the Application event log from a server named HV01.
  5. From the Save as type sector, select Event Files.
  6. Include display information.


    User-added image

  7. Be sure to include the LocaleMetaData folder when packaging logs for upload.

    User-added image


Store all exported EVTX files and the LocaleMetaData folder in a single ZIP or 7z archive for each machine and attach them to the support case.

Method 2: Export as CSV

  1. Open Event Viewer (eventvwr.msc).
  2. Locate the log to be exported in the left-hand column.
  3. Right-click the name of the log and select Save All Events As…
  4. Include in the file name the log type and the server name.
    For example, Application_HV01 would represent the Application event log from a server named HV01.
  5. From Save as type selector, select CSV (Comma Separated) .

    User-added image

 

Store all exported CSV files in a single ZIP or 7z archive for each machine and attach them to the support case.

Method 3: Collect the Entire Log Folder

  1. Navigate to C:\Windows\System32\winevt\Logs
  2. Archive (ZIP or 7z) the entire contents of the Logs folder.
     

Create a single ZIP or 7z archive for each machine and attach them to the support case.

Issues Specific Event Logs

Veeam Support will request logs as needed, but you can help expedite the case investigation by checking to see if the issue aligns with one of the categories below and uploading appropriate event logs during case creation.
For Hyper-V Snapshot (Shadow Copy) Failures
  • Export the following event logs from the standalone Hyper-V host or from all cluster nodes:
    • Windows Logs > System
    • Windows Logs > Application
    • Applications and Services Logs>Microsoft>Hyper-V-VMMS>Admin
      User-added image
  • If Application-Aware Image Processing is enabled in the Backup or Replication job settings, test whether the failure occurs with that setting disabled.
  • If the problem occurs only when Application-Aware is enabled, export the Hyper-V-Integration log from the Hyper-V host managing the VM, then see Guest Processing Issues below.
    Note: For Hyper-V 2016 or newer this step can be skipped, as this section was removed in Server 2016.
    • Applications and Services Logs>Microsoft>Hyper-V-Integration>Admin
      User-added image
For Guest Processing Issues
  • Common examples include failure to truncate Exchange or SQL transaction logs, “VSSControl” error codes, and unexpected behavior occurring with the VM guest OS during backup.
  • Export these logs from the affected VM guest OS:
    • Windows Logs > System
    • Windows Logs > Application
  • You will typically also want to collect the Veeam VSS logs from the VM – see KB1789.
For Problems with Backup Infrastructure Servers
  • In all scenarios below, export the following from the appropriate server. When in doubt, export from the Veeam Backup server:
    • Windows Logs > System
    • Windows Logs > Application
  • If the error message is:
    • "task failed unexpectedly” - Export events from the Veeam Backup server.
    • referring to backup files on a Windows server - Export events from the repository server.
    • referring to backup files on a CIFS/SMB share - Export events from the gateway server, or from the Veeam Backup server and all proxies if no gateway was specified in the repository settings.
Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.