Synopsis
This KB Article outlines how to use Loggather.bat, This is a script that can automatically gather logs from Flexera components.So far it is applicable to the following components on Windows systems:
- Agents/clients
- Beacons
- Batch servers
- Application Servers
- Web Servers
Downloads:
Please see attachments on this KB
Discussion
Why use it?The log Gatherer is a great tool to get log information from customer environments, designed to be simple it can be used even when not knowing which information needs to be gathered.
What does it do?
Currently, it gathers logs from FNMS systems from 2015r1-2018r2
It gathers all FNMS logs within the past 8 days as well as many system environmental logs that are useful for determining other related issues such as IIS logging and windows system logging.
Lite and full-fat
Currently, I have 2 versions of the script, the full-fat version gathers both system and Flexera logs which is by default the best to use, however, some customers have concerns of sharing such information with us. In those scenarios, the Lite version can gather solely Flexera logs and settings to alleviate the customer's concerns.
How to use
Below is a script I use with customers to explain how to use the script, In addition, I also have a video tutorial which can be viewed and downloaded [see attatched]
| We may have to get some further logs from the system for this, I have attached a .bat to this case, if you can run this on your problem computer it will gather logs automatically for us. -Please run as admin and attach the file it generates- c:\FNMSlogs.zip to this case once complete -if the file fails to generate please manually compress the dir it generates instead at c:\FNMSlogs\ -Please append the archive names with what the system is, for example, ?COMPUTER123-BEACON? -if the .zip is over 65mb please let me know and I can setup a box fileshare for this to be uploaded to Once I have these logs I can cross check them and get a good overview of system enviromentals and error logs to take the case further. Many Thanks, |
Search Tools
Once you have received your logs a good tactic is to use advanced search tools to find what you are looking for, perhaps a certain text string amongst all the logs.
Two tools I use regularly for this are:
https://notepad-plus-plus.org
Great notepad viewer that is easy to do all around tasks in a multitude of files, mass-search, replace and smart viewing in .xml files makes this a good viewer.
http://astrogrep.sourceforge.net
A great tool for when your not really sure where to start looking, this tool allows you to search a directory recursively and all files underneath it. I use it with search terms such as ?Error? to get an idea of where issues are in a installation. It's also very quick.
Workaround
Unfortunately, I currently don't have a script to get agent logs and information from Linux/Unix/OSX systems. Fortunately though it's much simpler to do this manually-How to obtain Flexera Agent Logs on Linux/Unix Systems
There are 2 directories on these systems we need in Flexera Support, I shall go through the process on where each one is in this guide,First, open up a terminal and go to the root directory-
Then we need to Navigate to our first folder, /var/opt/managesoft/
This folder contains all the operational settings for the Agent, we request you send us all the contents of this folder in an archive. [in particular both ?etc? and ?log?]
Next, we need to navigate to our second folder, /opt/managesoft/
This folder contains all the installation files for the Agent, we request you send us all the contents of this folder in an archive. [in particular ?bin?]
If unsure on how to create an archive, please refer to the next page which goes over a creation in the terminal
The tar command on Linux is often used to create .tar.gz or .tgz archive files, also called ?tarballs.? This command has a large number of options, but you just need to remember a few letters to quickly create archives with tar. The tar command can extract the resulting archives, too.
The GNU tar command included with Linux distributions has integrated compression. It can create a .tar archive and then compress it with gzip or bzip2 compression in a single command. That?s why the resulting file is a .tar.gz file or .tar.bz2 file.
Compress an Entire Directory or a Single File
Use the following command to compress an entire directory or a single file on Linux. It?ll also compress every other directory inside a directory you specify?in other words, it works recursively.
tar -czvf name-of-archive.tar.gz /path/to/directory-or-file
Here?s what those switches actually mean:
- -c: Create an archive.
- -z: Compress the archive with gzip.
- -v: Display progress in the terminal while creating the archive, also known as ?verbose? mode. The v is always optional in these commands, but it?s helpful.
- -f: Allows you to specify the filename of the archive.
tar -czvf archive.tar.gz stuff
Or, let?s say there?s a directory at /usr/local/something on the current system and you want to compress it to a file named archive.tar.gz. You?d run the following command:
tar -czvf archive.tar.gz /usr/local/something
Compress Multiple Directories or Files at Once
While tar is frequently used to compress a single directory, you could also use it to compress multiple directories, multiple individual files, or both. Just provide a list of files or directories instead of a single one. For example, let?s say you want to compress the /home/ubuntu/Downloads directory, the /usr/local/stuff directory, and the /home/ubuntu/Documents/notes.txt file. You?d just run the following command:tar -czvf archive.tar.gz /home/ubuntu/Downloads /usr/local/stuff /home/ubuntu/Documents/notes.txt
Just list as many directories or files as you want to back up.
Additional Information
The IndexBelow is a table that explains what each component of the log gatherer does and where to find it once you receiveif as an archive. Not all of these will always be present depending on what it could find but it?s a good baseline to review this if you are unsure where to look
| Path | Description |
| FNMSlogs\%computername%\TempLogs\ | This path holds all the Temporary logging information from the host machine. Under this path, there is a replication of the local machine file structure so you can understand where these logs originate on the local system |
| \FNMSlogs\%computername%\FlexeraLogs | This path holds all the Traditional Flexera logs found under c:\ProgramData. Under this path, there is a replication of the local machine file structure so you can understand where these logs originate on the local system |
| FNMSlogs\%computername%\systemlogs | This Path holds a series of logs and folders that are relevant to system environments, The next table will describe these in detail as they are not standard FNMS logging. |
| Folder | Filename | Description |
| systemlogs\RegExtracts | regdumpx64.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ManageSoft Corp This is the default location for Flexera Registry settings on x64 machines. |
| systemlogs\RegExtracts | regdumpx86.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ManageSoft Corp This is the default location for Flexera Registry settings on x86 machines. |
| systemlogs\RegExtracts | installedx64.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall This path shows what installed x64 software is available according to registry entry traces |
| systemlogs\RegExtracts | installedx86.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall This path shows what installed x86 software is available according to registry entry traces |
| systemlogs\RegExtracts | ieproxysettings.txt | Contains a registry Extract of the contents of: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings This shows what IE settings are in use, of particular, usefulness Proxy Settings that IE is using |
| systemlogs\RegExtracts | dotNETx64.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework Shows the registry integrity of the x64 .NET installations |
| systemlogs\RegExtracts | dotNETx86.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework Shows the registry integrity of the x86 .NET installations |
| systemlogs\RegExtracts | SCHANNEL.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL Useful for confirming what security protocols the system is allowing, for example, TLS1.2 needs enabling from the beacon for cloud connectivity. Here is a KB that goes over this: https://flexerasoftware.my.salesforce.com/articles/en_US/INFO/Transport-Layer-Security-TLS-Configuration?popup=false&navBack=H4sIAAAAAAAAAIuuVipWslLyzssvz0lNSU_1yM9NVdJRygaKFSSmp4ZkluSA-KVAvn58aaZ-NkyhPpCDosu-ODWxKDnDtiSnWKk2FgCVJE8AWAAAAA |
| systemlogs\RegExtracts | ps-ver.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell Still a work in progress but the intention is to show the version of PowerShell installed which can be done by seeing what key nodes have been created under this path. Powershell queries can do this better which makes this a legacy method |
| systemlogs\RegExtracts | NETinstalled-ver.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP Shows what version of .NET is installed, the key nodes will be named which version is in use. A legacy way to gather this information. PS scripts do it better |
| systemlogs\NetworkTests\ | pingtest.txt | Shows the logs of a ping to www.flexera.com to confirm if connectivity to ping internet locations is available |
| ipconfig.txt | Shows a local overview of network options in use on the system, ip/domain/dns information | |
| systemlogs\OSInformation | systeminfo.txt | Shows a general overview of windows environmental information, a combination of several sources of information (OS version, network, etc) |
| systemlogs\OSInformation | sn.txt | Shows the local Serial Number as defined by the system Bios. Useful if needing to cross check the system in the DB |
| systemlogs\Performance | Cpuload.txt | Shows the current cpu stress levels as per script runtime. Useful to determine if server is having performance issues |
| systemlogs\Performance | Hddspec.txt | Shows what HDD?s are available on the system, useful for tracking down an installation of FNMS if it was moved |
| systemlogs\Performance | Hddspace.txt | Shows how much space is remaining on the systemdrive as per runtime, useful if logs are being inconsistent. Low space is a culprit of logs not being able to generate properly amongst many other system issues. |
| \systemlogs\Applications | Wmi-installed.csv | A list of installed applications according to the WMIC service, queries the control panel ?add remove programs? |
| \systemlogs\Applications | wmi-installed.txt | A list of installed applications according to the WMIC service, queries the control panel ?add remove programs? |
| systemlogs\Tasks | wmi-services.txt | Shows a list of currently running Services on the machine, useful for determing if the Flexera services are active and also what they run as |
| systemlogs\OSTasks | scheduledtasks.csv | Shows the current scheduled task list, what is running and what is scheduled to run along with account credentials for each as well as the runcode (failure, success etc) |
| systemlogs\OSTasks | Processlist.csv | Shows the current processlist at time of running, shows what executibles are running, memory and cpu usage and PID |
| systemlogs\OSTasks | Tasklist.csv | Shows the current scheduled task list in a more basic form, what is running and what is scheduled to run along with account credentials for each as well as the runcode (failure, success etc) |
| systemlogs\OSTasks | Tasklist.txt | Shows the current scheduled task list in a more basic form, what is running and what is scheduled to run along with account credentials for each as well as the runcode (failure, success etc) |
| systemlogs\NetworkTests\ | netstat.txt | Shows the local network status of the device, what is listening on what ports and what connectivity is available. Useful for troubleshooting local firewall issues |
| systemlogs\OSInformation\ | Installedwinupdates.txt | A list according to WMIC of the currently installed windows updates |
| systemlogs\OSInformation\ | Iever.txt | Shows the currently installed IE version |
| systemlogs\currentuser\ | whoisthis.txt | Shows information about the current user, in this file it shows who executed the script |
| systemlogs\IIS\ | apppools.xml | Shows the current IIS AppPool settings in use in xml form |
| systemlogs\IIS\ | sites.xml | Shows the current IIS site settings in use in xml form |
| systemlogs\NetworkTests | certstore.txt | Shows the contents of the current Certificate store using certutil -store |
| systemlogs\NetworkTests | certdump.txt | Shows the contents of the current certificate using certutil ?dump |
| systemlogs\OSInformation\ | eviewerlogs-system.evtx | A log extract from the current OS system showing all system logs, useful for diagnosing system level issues |
| systemlogs\OSInformation\ | eviewerlogs-application.evtx | A log extract from the current OS system showing all application logs, useful for diagnosing application level issues |
| systemlogs\OSInformation\ | eviewerlogs-security.evtx | *DISABLED BY DEFAULT DUE TO SECURITY GATHERING CONCERNS* A log extract from the current OS system showing all security logs, useful for diagnosing security level issues |
| systemlogs\OSInformation\ | installed-roles-and-features-legacy.txt | *LEGACY ONLY WORKS ON WINSVR2K8* Shows what roles and features are installed on the system, replaced with a powershell script above 2k8 [pending implementation to the script], this is here for legacy purposes |
| systemlogs\OSInformation\ | installed-roles-and-features-PS.txt | As above, the powershell variant for versions above 2k8 |
| systemlogs\OSInformation\ | moresysteminfo.txt | A WMIC output of general system information, its more detailed version of ?systeminfo? |
| systemlogs\Filepathinfo\ | cprogdump.txt | A full filepath directory return of the following directories: C:\program files, c:\program files (x86), c:\programdata Useful for discovering what is installed or what files are left behind such as out of place files in the fnms installation |
| systemlogs\Filepathinfo\ | dprogdump.txt | A full filepath directory return of the following directories: d:\program files, d:\program files (x86), d:\programdata Useful for discovering what is installed or what files are left behind such as out of place files in the fnms installation |
| systemlogs\Filepathinfo\ | eprogdump.txt | A full filepath directory return of the following directories: d:\program files, d:\program files (x86), d:\programdata Useful for discovering what is installed or what files are left behind such as out of place files in the fnms installation |
| systemlogs\Applications | detailed-installedsoftware.txt | A powershell script to show what installed software is available, alternative to the wmic method |
| systemlogs\OSInformation\ | detailed-computersystem.txt | A powershell script to show what the system information is, an alternative to systeminfo |
| systemlogs\currentuser\ | loggedin-users.txt | A powershell script to show what the current user is along with other logged in users, an alternative to the wmic method |
| systemlogs\OSTasks\ | detailed-processes.txt | A powershell script to show what the current detailed processes are. An alternative to the wmic method |
| systemlogs\FNMSwebtests | httplocalmanagesoftDL.txt | Attempts to do a local http download of managesoftdl/test This is the FNMS test page component |
| systemlogs\FNMSwebtests | httpslocalmanagesoftDL.txt | Attempts to do a local https download of managesoftdl/test This is the FNMS test page component |
| systemlogs\FNMSwebtests | systemlogs\httplocalmanagesoftRL.txt | Attempts to do a local http download of managesoftrl/test This is the FNMS test page component |
| systemlogs\FNMSwebtests | httpslocalmanagesoftRL.txt | Attempts to do a local https download of managesoftrl/test This is the FNMS test page component |
| systemlogs\FNMSwebtests | httpLoadMonitoringPage.html | Attempts to do a local http download of the FNMS monitoring page, only works when ran on the application server |
| systemlogs\FNMSwebtests | httpsLoadMonitoringPage.html | Attempts to do a local https download of the FNMS monitoring page, only works when ran on the application server |
| systemlogs\IIS\ | IIS-Detaills-PS.txt | Attempts to gather IIS confirmation and options via powershell scripts, |
| systemlogs\NetworkTests\ | hostfiles | Gathers the local system hostfiles from \windows\system32\drivers\etc good to see if any manual network redirects are in place |
| systemlogs\Filepathinfo\ | systemusersdirdump.txt | A full filepath directory return of the following directories: C:\users Useful for discovering managesoft temp files that could not be auto gathered as well as applications that like to hide in users appdata folders |
