Working with Root Cause Analysis (RCA) is also part of my work at Microsoft. In case of cluster failover RCA, it is very important to get cluster log. Sometimes there are situation where we want to generate cluster log for last few minutes for quicker analysis of live issues. This blog explains some common parameters which I used in my day-to-day troubleshooting.
I have 4 nodes cluster in my lab named SRV1, SRV2, SRV3, SRV4.
- Default command – generates Cluster.log file on ALL nodes in C:\Windows\Cluster\Reports folder. File name would be Cluster.log
- if we want the cluster log to be generated for specific node(s) then we can use –Node parameter. We can put comma separated node names as shown below.
Get-ClusterLog -Node SRV1, SRV3
- You might know that the time shown in cluster log is UTC be default. Sometimes its difficult to translate UTC time to local time, specially for time-zones which has daylight saving. Luckily, cluster log can be generated in local time using parameter UseLocalTime . Here is the sample code.
- Another useful parameter is to copy the files to specific location. This command would generate logs and also dump on specified location. in below example, I am dumping logs from all nodes to C:\Temp folder.
Get-ClusterLog –Destination “C:\Temp”
- TimeSpan is another parameter which can generate cluster log for last number of minutes specified. By default it would generate Cluster.log for complete time. I find it useful when I repro’ed a problem and I want to look at cluster log for last 2 to 3 minutes. Here is the command to generate log for last 3 minutes.
Get-ClusterLog –TimeSpan 3
So, this is my favorite command after reproducing cluster issue on local node.
Get-ClusterLog -Node SRV1 -TimeSpan 2 -UseLocalTime -Destination C:\
Hopefully it would be useful.