none
Collecting Log files from the client RRS feed

  • Question

  • I need to check log files on the client from time to time in a different locations.

    I do not have access to a local user drive. Are there anything possible with SCCM to access logs on the user side? 

    WinRM is disabled, SCCM remote is disabled as well. 

    Looking for some ideas to point me in the right direction....

    Thank you.

    Thursday, March 21, 2019 2:59 PM

All replies

  • There is no useful method within SCCM to collect random log files. If you don't have access then there really isn't much you can do.  

    Garth Jones

    Blog: https://www.enhansoft.com/blog Old Blog: https://sccmug.ca/

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleashed

    Thursday, March 21, 2019 3:36 PM
    Moderator
  • I have tried to look into this myself for a bit but as Garth says there really isn't much you could do, besides using the CMTrace to connect to a client machine and look at the logs that way.

    You could use a script, Task Sequence or Package to run a command or so to copy the logs to a central location, but as clients have so many logs and update every second wouldn't really recommend it, unless you planned on copying very specific logs.


    Website: www.walshamsolutions.com Technical Blog: https://www.walshamsolutions.com/technical-blog Personal Blog: https://www.walshamsolutions.com/personal-blog Twitter: Dwalshampro

    Thursday, March 21, 2019 3:58 PM
  • Oh, there's a way... now... did the person I know who got this working publicly blog it or not?  I'll have to check.  Basically, they leverage the "run Scripts" node.  and have an open file share on a server.  the script runs on the target, zips everything up, and then dumps it to that open file share .

    Standardize. Simplify. Automate.

    Thursday, March 21, 2019 5:17 PM
  • You can try using Splunk.
    Thursday, March 21, 2019 5:34 PM
  • Oh, there's a way... now... did the person I know who got this working publicly blog it or not?  I'll have to check.  Basically, they leverage the "run Scripts" node.  and have an open file share on a server.  the script runs on the target, zips everything up, and then dumps it to that open file share .

    Standardize. Simplify. Automate.

    oooooh that is a great idea! Although you will either need to hardcore a username/password in the script or setup open security on the share.  

    Garth Jones

    Blog: https://www.enhansoft.com/blog Old Blog: https://sccmug.ca/

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleashed

    Thursday, March 21, 2019 5:51 PM
    Moderator
  • Sherry, is that in Garth Jones blog? Maybe you can share a link?

    thank you

    Thursday, March 21, 2019 6:18 PM
  • Sherry, is that in Garth Jones blog? Maybe you can share a link?

    thank you

    it not my blog but I wish it was. :-)

    Garth Jones

    Blog: https://www.enhansoft.com/blog Old Blog: https://sccmug.ca/

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleashed

    Thursday, March 21, 2019 7:26 PM
    Moderator
  • I've contacted the author of the script--he said he'll blog it.  Just waiting for him to do so (he might be doing his actual job where they pay him, so it might not be until later that he gets it blogged).

    while you're waiting... :)

    As Garth mentioned, the flaw in this is pretty much wide-open rights to dump anything to this share.  You will want to make a location on a server you manage/control--which has lots of space.

    create a folder called (for example):

    E:\ClientLogs
    Share that out as ClientLogs$
     For share permissions, because who will be 'copying' the logs to that share is a computer, add the group:
      <your domain where your computers live>\Domain Computers, with Change, Read.
     On that folder of E:\ClientLogs, for NTFS permissions, add Modify, Read & Execute, List folder contents, read, Write (aka, everything but full control) to
      <that same group you just did for share permissions, aka, \Domain Computers

    when he blogs the script, there will be a variable in there you'll need to change to match, like...

    \\YourServer\ClientLogs$

    Another thing you'll want to think about... you'll want to be diligent in cleaning up after yourself.  I don't think there's any kind of "hey, in 30 days delete old stuff"--it's a manual cleanup I believe.  so watch your free space on that drive.  I wouldn't put this share on the same drive where the database lives, or where the inboxes live.  If possible, I'd find a server that isn't part of CM at all, just happens to be a server the machines can get to, with lots of space.


    Standardize. Simplify. Automate.


    Thursday, March 21, 2019 8:04 PM