Collecting the Application and System Event logs


In this quick blog post, we share the steps you can follow to gather the Application and System event logs that our Browsers Support team often requests when troubleshooting browser-related scenarios. The same steps can also be useful for other Windows-related troubleshooting. The batch file can be modified to meet your needs!

MANUAL STEPS

  1. Open eventvwr from run/search
  2. Expand Windows Logs
  3. Right click Application and select "save all events as..."
  4. Choose a meaningful name and save it as an evtx file

BATCH FILE

  1. Open Notepad.exe
  2. Copy the batch file below into a new Notepad file
  3. Save it as GetEventlogs.bat
  4. Run from an Elevated CMD window

@echo off
REM Requirement: Open with an Elevated Administrator CMD Window
:START
setlocal
REM Working folder for the copied logs and the resulting CAB file
set MSFTLOGS=%temp%\MSFTLOGS
if not exist "%MSFTLOGS%" (
mkdir "%MSFTLOGS%" 2>nul
)
echo Hit Enter to collect Event logs
@pause
@echo.
echo Gathering Event logs
copy "%windir%\System32\winevt\Logs\Application.evtx" "%MSFTLOGS%" /y
copy "%windir%\System32\winevt\Logs\System.evtx" "%MSFTLOGS%" /y
SETLOCAL ENABLEDELAYEDEXPANSION
SET sourceDirPath=%MSFTLOGS%
REM Optional 2nd argument: destination folder for the CAB file
IF [%2] EQU [] (
SET destinationDirPath="%USERPROFILE%\AppData\Local\Temp\MSFTLOGS"
) ELSE (
SET destinationDirPath="%~2"
)
REM Optional 3rd argument: name of the CAB file
IF [%3] EQU [] (
SET destinationFileName="MSFT_logs.cab"
) ELSE (
SET destinationFileName="%~3"
)
REM Build the MAKECAB directive file listing every file in the working folder
SET tempFilePath=%TEMP%\FilesToZip.txt
TYPE NUL > "%tempFilePath%"
FOR /F "DELIMS=*" %%i IN ('DIR /B /S /A-D "%sourceDirPath%"') DO (
SET filePath=%%i
SET dirPath=%%~dpi
SET dirPath=!dirPath:~0,-1!
SET dirPath=!dirPath:%sourceDirPath%=!
ECHO .SET DestinationDir=!dirPath! >> "%tempFilePath%"
ECHO "!filePath!" >> "%tempFilePath%"
)

MAKECAB /D MaxDiskSize=0 /D CompressionType=MSZIP /D Cabinet=ON /D Compress=ON /D UniqueFiles=OFF /D DiskDirectoryTemplate=%destinationDirPath% /D CabinetNameTemplate=%destinationFileName% /F "%tempFilePath%" > NUL 2>&1

echo Click Continue to delete Event logs from the TEMP folder
@pause
@echo.
REM Remove the uncompressed copies; the CAB file stays in the folder
del "%temp%\MSFTLOGS\Application.evtx"
del "%temp%\MSFTLOGS\System.evtx"

@echo.
echo Opening the Temp logs file location...
start "" "%temp%\MSFTLOGS"
:END
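
POWERSHELL ALTERNATIVE (ADDED EXAMPLE)

The following is an added example, not part of the original post or the Browser Support Team's script. It performs the manual "save all events as..." step from the command line with wevtutil epl, so the Event Log service writes the export instead of the script copying files the service still has open, and it records SHA-256 hashes so the recipient can confirm the logs arrived unmodified. The MSFTLOGS folder matches the batch file; the output file names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not the Browser Support Team's script.
# Assumptions: output goes to %TEMP%\MSFTLOGS (as in the batch file);
# the file naming scheme below is made up for this example.
param(
    [string[]]$LogNames = @('Application', 'System'),
    [string]$OutDir = (Join-Path $env:TEMP 'MSFTLOGS')
)
$ErrorActionPreference = 'Stop'

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# Export each log through the Event Log service (wevtutil epl = export-log).
$exported = foreach ($log in $LogNames) {
    $target = Join-Path $OutDir ('{0}-{1}-{2}.evtx' -f $env:COMPUTERNAME, $log, $stamp)
    & wevtutil.exe epl $log $target /ow:true
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil could not export '$log' (exit code $LASTEXITCODE)"
    }
    Get-Item -LiteralPath $target
}

# Write a hash manifest so each .evtx can be verified after transfer.
$manifest = Join-Path $OutDir ('{0}-{1}-sha256.txt' -f $env:COMPUTERNAME, $stamp)
$exported | Get-FileHash -Algorithm SHA256 |
    ForEach-Object { '{0}  {1}' -f $_.Hash, (Split-Path $_.Path -Leaf) } |
    Set-Content -LiteralPath $manifest -Encoding ASCII

# Package the logs and the manifest into one archive.
$zip = Join-Path $OutDir ('{0}-EventLogs-{1}.zip' -f $env:COMPUTERNAME, $stamp)
Compress-Archive -LiteralPath (@($exported.FullName) + $manifest) -DestinationPath $zip

# Event logs contain account and machine names: remove the loose copies,
# as the batch file does, and keep only the archive.
$exported | Remove-Item
Remove-Item -LiteralPath $manifest

# Hash of the archive itself, to share alongside the upload.
$zipHash = (Get-FileHash -LiteralPath $zip -Algorithm SHA256).Hash
Write-Host "Created $zip"
Write-Host "SHA256  $zipHash"
```

Save it as a .ps1 file and run it from an elevated PowerShell window; delete the archive from the TEMP folder once it has been uploaded.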

This blog has been provided by the Browser Support Team!

