#1 Global Leader in Data Protection & Ransomware Recovery

How to Collect Logs for Veeam Agent for Microsoft Windows

KB ID: 2404
Product: Veeam Agent for Microsoft Windows | 2.0 | 2.1 | 2.2 | 3.0.2 | 4.0 | 5.0 | 6.0 | 6.1
Published: 2017-11-17
Last Modified: 2024-04-29
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Purpose

This article explains how to collect the logs required for a Veeam Agent for Microsoft Windows support case.

Solution

Quick Start Automated Veeam Agent for Microsoft Windows  Log Collection

If the Windows machines where Veeam Agent for Microsoft Windows is installed has an internet connection:

  1. Open an Administrative PowerShell console.
    Tip: Right-click the start button, and from the context menu that appears, select Windows PowerShell (Admin) or Terminal (Admin).
  2. Run these two lines to automatically download the log collection script to %temp% and execute it.
    Tip: If you hover your mouse over the code block below, a Copy button will appear in the top-right corner that can be used to copy the script to your clipboard.
Invoke-WebRequest https://raw.githubusercontent.com/VeeamHub/powershell/master/VAW-CollectKB2404Logs/CollectKB2404Logs.ps1 -OutFile $Env:Temp\CollectKB2404Logs.ps1
PowerShell.exe -ExecutionPolicy ByPass -File $env:temp\CollectKB2404Logs.ps1


When the script is complete, answer Yes to have the script open the folder where the logs were written, then attach the log bundle to the case.

If the machine where Veeam Agent for Microsoft Windows is installed cannot access the internet or the location where the script is stored, download the script on another machine and copy it to that Windows machine.

Automated Collection Guide

If the Windows machine where Veeam Agent for Microsoft Windows is installed does not have an internet connection, or if you prefer to deploy the script manually, follow these steps:

  1. On a machine with an internet connection, download the Veeam Agent for Microsoft Windows Log Collection Script from the VeeamHUB GitHub page.
    If your environment does not allow access to GitHub, review the Veeam Script Storage Location statement at the bottom of this article.

    Right-click on the following link, and select Save link as...

    https://raw.githubusercontent.com/VeeamHub/powershell/master/VAW-CollectKB2404Logs/CollectKB2404Logs.ps1
  2. Copy the downloaded script (CollectKB2404Logs.ps1) to a location on the machine where Veeam Agent for Microsoft Windows is installed.
    For example: C:\temp\
  3. Open a Run Command (Win+R) and paste the following command. Ensure the path to the script is correct.
    Hold [Ctrl] and [Shift], then press [Enter] to run the command as Administrator.
PowerShell.exe -ExecutionPolicy ByPass -File C:\temp\CollectKB2404Logs.ps1
Log Collection
Truncated screenshot demonstrating execution and completion prompt to open log bundle location.
  • The script collects data automatically. No system changes are made.
  • Once the script is complete, a message about the successful execution will appear.
  1. Attach the generated log bundle from the folder shown in the PowerShell output to the support case.

If the script fails to collect the logs, collect the information manually, as outlined below.

More Information

Veeam Support Script Storage Location

The Veeam Knowledge Base is transitioning to storing the scripts commonly provided by KB articles on the VeeamHub on GitHub. The PowerShell scripts linked in Knowledge Base articles are managed by Veeam employees, and only Veeam-approved changes can be published. Moving script storage to GitHub will enhance transparency, allow for easier tracking of script version history, and improve the overall customer experience.

However, we recognize that some customers may have security protocols that restrict access to GitHub. To accommodate these situations, we are providing an alternative download location. If you cannot access GitHub or prefer not to download the PowerShell scripts from there, a copy of the script is available for download using the button below.

How to Collect Logs Manually

The following steps must be completed on the computer where Veeam Agent for Microsoft Windows is installed.

Part 1: Collect Veeam Agent Logs
  1. Navigate to the following folder:
    C:\Programdata\Veeam\Endpoint
    (The programdata folder is hidden by default. Copy and paste the provided path)
  2. Archive the content of this folder.
Part 2: Collect VSS Diagnostics
  1. Run the following commands using the administrative command prompt:
    • vssadmin list writers > C:\vss_writers.log
    • vssadmin list providers > C:\vss_providers.log
    • vssadmin list shadows > C:\vss_shadows.log
    • vssadmin list shadowstorage > C:\vss_shadow_storage.log
  2. Archive the resulting files.
     

User-added image
 

Part 3: Collect Event Logs
  1. Run the Event Viewer (eventvwr.msc).
  2. In the left menu, find the Application logs.
  3. Right-click the Application logs and select Save All Events As.
  4. Enter the file name that includes the log type and the computer name the logs were exported from (for example, when exporting Application logs from a computer named HV01, enter Application_HV01).
  5. In Save as type, select Event Files (*.evtx).
  6. Include the display information.

    User-added image

  7. Repeat steps 3—6 for the System logs.
  8. Archive the logs. Include the LocaleMetaData folder in the archive as well.

    User-added image
     

Step 4: Collect File System Minifilter Diagnostics
  1. Run the fltmc instances > C:\filter.log command using the administrative command prompt.
Step 5: Collect Hardware VSS Provider logs

[Only needed for backup jobs which use Storage Snapshots functionality]

  1. Navigate to the following folder:
    C:\Programdata\Veeam\Backup
    (the programdata folder is hidden by default. Copy and paste the provided path)
  2. Archive the content of this folder.
For information about attaching files to a support case, please review: https://www.veeam.com/kb4162
Data Collected by Automated Log Collection Script
  • Veeam Agent for Microsoft Windows log files located in C:\ProgramData\Veeam\Endpoint
  • Veeam Installer Service logs from %programdata%\Veeam\Backup
  • VSS hardware provider logs from %programdata%\Veeam\Backup
  • Information provided by the systeminfo command
  • Information provided by the vssadmin command
  • Information provided by the fltmc command
  • Windows Application, System, Security and Veeam Agent events
  • The HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Endpoint Backup registry key.
  • Computer UUID
  • Veeam Agent certificate (for Agent Management)
  • Get-ChildItem Cert:\LocalMachine\My\ | where{$_.FriendlyName -eq 'Veeam Agent Certificate'} |Format-List -Property Issuer, Subject, SerialNumber, Thumbprint, NotAfter
  • System information
    • Boot configuration
      •  bcdedit /v
  • Mounted volumes
    •  mountvol /l
  • Drivers
    •  Get-WmiObject Win32_PnPSignedDriver| select devicename,drivername,infname,driverversion
  • Hardware information
    •  wmic csproduct
  • .NET Framework setup
    •  Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"
  • Applied group policy settings
    •  gpresult /z
  • Environment variables:
    • Get-ItemProperty -Path "HKLM:SYSTEM\CurrentControlSet\Control\Session Manager\Environment"
    • Get-ItemProperty -Path "HKCU:\Environment" 
  • Uptime
    •  Get-CimInstance -ClassName Win32_OperatingSystem | Select LastBootUpTime
  • Installed updates
    •  get-wmiobject -class win32_quickfixengineering
  • Windows Firewall settings
    •  Get-NetFirewallProfile | Format-List
  • TLS Settings
    •  reg export "HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL"
  • Installed software
    •  Get-WmiObject Win32_Product | Sort-Object Name | Format-Table IdentifyingNumber, Name, InstallDate -AutoSize
  • Windows services status
    •  gwmi win32_service | select displayname, name, startname,startmode,state
  • Windows events
    •  Microsoft-Windows-SMBClient/Connectivity, Microsoft-Windows-SMBClient/Operational
  • Windows cluster events
  • Network configuration settings:
    • Get-NetAdapterBinding | Where-Object { $_.DisplayName -match "File and Printer Sharing" } | Format-Table -AutoSize
  • Network configuration:
    • ipconfig /all
    • netstat -bona
    • route print
For more information on how we process the collected data, please visit: vee.am/processing_of_personal_data
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.