Finding Cluster Log Errors

Published On: 2019-01-18By:

Sometimes you know that a problem occurred, but the tools are not giving you the right information.  If you ever look at the Cluster Failover Manager for a Windows Cluster, sometimes that can happen.  The user interface won’t show you any errors, but you KNOW there was an issue.  This is when knowing how to use other tools to extract information from the cluster log becomes useful.

You can choose to use either Powershell or a command at the command prompt.  I tend to lean towards Powershell. I find it easier to utilize and gives me the most flexibility.

The Powershell cmdlet get-clusterlog is a quick and handy way to get information from the Windows Cluster. This cmdlet will create a text log file for all nodes or a specific node (if specified) within a failover cluster.  You can even use the cmdlet to specify a certain time space, like the last 15 minutes which can be really handy if you know that the issue occurred within that time frame.

This is great and all, however, it can give you a lot of information to try to shift through.  As you can see, the three log files shown below is about ~600MB worth of text!  That’s a lot!

If you are looking through cluster logs, you are looking for specific messages, most likely error messages.  Thankfully, the log categorizes each message and those error messages can be located.

Since ~600MB is a lot of data to try to manually shift through, there are easier ways.  We can use Powershell again to extract all of the error messages.  This allows us to efficiently locate error messages that might be prudent to the issue at hand.

So, I wrote a quick and easy script that iterates through a folder of cluster log files and extract any line that has the pattern “ ERR “ in it out to another file.  Notice that the pattern has spaces at the beginning and ending of the pattern so that if there are instances of strings like “error”, they are not returned.

$dir = "C:\users\john\Desktop\Temp\"
$files = Get-ChildItem $dir -Recurse -Include "*.log"

foreach ($file in $files){
$out = "ERR_" + $file.BaseName + ".txt"
select-string -path $file.FullName -Pattern " ERR " -AllMatches | out-file "$dir\$out"

Once ran, we can look in the destination folder and see that the amount of data has been reduced significantly, down to ~31MB down from ~600MB!

This was an easy script to write and it helped to narrow down just the error messages quickly so that I can help resolve the issue the cluster might be having.  The effectiveness and flexibility of Powershell continues to shine in situations like this.

If you haven’t started to learn Powershell, you should.  It’ll make your life easier in the long run.

© 2019, John Morehouse. All rights reserved.

Contact the Author | Contact DCAC


Globally Recognized Expertise

As Microsoft MVP’s and Partners as well as VMware experts, we are summoned by companies all over the world to fine-tune and problem-solve the most difficult architecture, infrastructure and network challenges.

And sometimes we’re asked to share what we did, at events like Microsoft’s PASS Summit 2015.

Awards & Certifications

Microsoft Partner   Denny Cherry & Associates Consulting LLC BBB Business Review    Microsoft MVP    Microsoft Certified Master VMWare vExpert
INC 5000 Award for 2020    American Business Awards People's Choice    American Business Awards Gold Award    American Business Awards Silver Award    FT Americas’ Fastest Growing Companies 2020   
Best Full-Service Cloud Technology Consulting Company       Insights Sccess Award    Technology Headlines Award    Golden Bridge Gold Award    CIO Review Top 20 Azure Solutions Providers
Share via
Copy link