cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Automated Gathering of logs for Flexera Components [Loggather]

Automated Gathering of logs for Flexera Components [Loggather]

Synopsis

This KB Article outlines how to use Loggather.bat, This is a script that can automatically gather logs from Flexera components.
So far it is applicable to the following components on Windows systems:
  • Agents/clients
  • Beacons
  • Batch servers
  • Application Servers
  • Web Servers
Its primary purpose is to provide as much information as possible for Flexera support to troubleshoot issues without having to attain live access to systems.

Downloads:
Please see attachments on this KB

Discussion

Why use it?
The log Gatherer is a great tool to get log information from customer environments, designed to be simple it can be used even when not knowing which information needs to be gathered.

What does it do?
Currently, it gathers logs from FNMS systems from 2015r1-2018r2
It gathers all FNMS logs within the past 8 days as well as many system environmental logs that are useful for determining other related issues such as IIS logging and windows system logging.


Lite and full-fat
Currently, I have 2 versions of the script, the full-fat version gathers both system and Flexera logs which is by default the best to use, however, some customers have concerns of sharing such information with us. In those scenarios, the Lite version can gather solely Flexera logs and settings to alleviate the customer's concerns.


How to use
Below is a script I use with customers to explain how to use the script, In addition, I also have a video tutorial which can be viewed and downloaded [see attatched]
We may have to get some further logs from the system for this,

I have attached a .bat to this case, if you can run this on your problem computer it will gather logs automatically for us.

-Please run as admin and attach the file it generates- c:\FNMSlogs.zip to this case once complete
-if the file fails to generate please manually compress the dir it generates instead at c:\FNMSlogs\
-Please append the archive names with what the system is, for example, ?COMPUTER123-BEACON?
-if the .zip is over 65mb please let me know and I can setup a box fileshare for this to be uploaded to

Once I have these logs I can cross check them and get a good overview of system enviromentals and error logs to take the case further.

Many Thanks,

Search Tools
Once you have received your logs a good tactic is to use advanced search tools to find what you are looking for, perhaps a certain text string amongst all the logs.

Two tools I use regularly for this are:

https://notepad-plus-plus.org
Great notepad viewer that is easy to do all around tasks in a multitude of files, mass-search, replace and smart viewing in .xml files makes this a good viewer.

http://astrogrep.sourceforge.net
A great tool for when your not really sure where to start looking, this tool allows you to search a directory recursively and all files underneath it. I use it with search terms such as ?Error? to get an idea of where issues are in a installation. It's also very quick.

Workaround

Unfortunately, I currently don't have a script to get agent logs and information from Linux/Unix/OSX systems. Fortunately though it's much simpler to do this manually-
How to obtain Flexera Agent Logs on Linux/Unix Systems
There are 2 directories on these systems we need in Flexera Support, I shall go through the process on where each one is in this guide,

First, open up a terminal and go to the root directory-
User-added image
User-added image

Then we need to Navigate to our first folder, /var/opt/managesoft/
User-added image
This folder contains all the operational settings for the Agent, we request you send us all the contents of this folder in an archive. [in particular both ?etc? and ?log?]

Next, we need to navigate to our second folder, /opt/managesoft/
User-added image
This folder contains all the installation files for the Agent, we request you send us all the contents of this folder in an archive. [in particular ?bin?]

If unsure on how to create an archive, please refer to the next page which goes over a creation in the terminal


The tar command on Linux is often used to create .tar.gz or .tgz archive files, also called ?tarballs.? This command has a large number of options, but you just need to remember a few letters to quickly create archives with tar. The tar command can extract the resulting archives, too.
The GNU tar command included with Linux distributions has integrated compression. It can create a .tar archive and then compress it with gzip or bzip2 compression in a single command. That?s why the resulting file is a .tar.gz file or .tar.bz2 file.
Compress an Entire Directory or a Single File
Use the following command to compress an entire directory or a single file on Linux. It?ll also compress every other directory inside a directory you specify?in other words, it works recursively.
tar -czvf name-of-archive.tar.gz /path/to/directory-or-file
Here?s what those switches actually mean:
  • -c: Create an archive.
  • -z: Compress the archive with gzip.
  • -v: Display progress in the terminal while creating the archive, also known as ?verbose? mode. The v is always optional in these commands, but it?s helpful.
  • -f: Allows you to specify the filename of the archive.
Let?s say you have a directory named ?stuff? in the current directory and you want to save it to a file named archive.tar.gz. You?d run the following command:
tar -czvf archive.tar.gz stuff
Or, let?s say there?s a directory at /usr/local/something on the current system and you want to compress it to a file named archive.tar.gz. You?d run the following command:
tar -czvf archive.tar.gz /usr/local/something
User-added image

Compress Multiple Directories or Files at Once

While tar is frequently used to compress a single directory, you could also use it to compress multiple directories, multiple individual files, or both. Just provide a list of files or directories instead of a single one. For example, let?s say you want to compress the /home/ubuntu/Downloads directory, the /usr/local/stuff directory, and the /home/ubuntu/Documents/notes.txt file. You?d just run the following command:
tar -czvf archive.tar.gz /home/ubuntu/Downloads /usr/local/stuff /home/ubuntu/Documents/notes.txt
Just list as many directories or files as you want to back up.
User-added image

Additional Information

The Index
Below is a table that explains what each component of the log gatherer does and where to find it once you receiveif as an archive. Not all of these will always be present depending on what it could find but it?s a good baseline to review this if you are unsure where to look
PathDescription
FNMSlogs\%computername%\TempLogs\This path holds all the Temporary logging information from the host machine.

Under this path, there is a replication of the local machine file structure so you can understand where these logs originate on the local system
\FNMSlogs\%computername%\FlexeraLogsThis path holds all the Traditional Flexera logs found under c:\ProgramData.

Under this path, there is a replication of the local machine file structure so you can understand where these logs originate on the local system
FNMSlogs\%computername%\systemlogsThis Path holds a series of logs and folders that are relevant to system environments, The next table will describe these in detail as they are not standard FNMS logging.
FolderFilenameDescription
systemlogs\RegExtractsregdumpx64.txtContains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ManageSoft Corp

This is the default location for Flexera Registry settings on x64 machines.
systemlogs\RegExtractsregdumpx86.txtContains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ManageSoft Corp

This is the default location for Flexera Registry settings on x86 machines.
systemlogs\RegExtractsinstalledx64.txtContains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
This path shows what installed x64 software is available according to registry entry traces
systemlogs\RegExtractsinstalledx86.txtContains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

This path shows what installed x86 software is available according to registry entry traces
systemlogs\RegExtractsieproxysettings.txtContains a registry Extract of the contents of: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

This shows what IE settings are in use, of particular, usefulness Proxy Settings that IE is using
systemlogs\RegExtractsdotNETx64.txtContains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework

Shows the registry integrity of the x64 .NET installations
systemlogs\RegExtractsdotNETx86.txtContains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework

Shows the registry integrity of the x86 .NET installations
systemlogs\RegExtractsSCHANNEL.txtContains a registry Extract of the contents of:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Useful for confirming what security protocols the system is allowing, for example, TLS1.2 needs enabling from the beacon for cloud connectivity. Here is a KB that goes over this: https://flexerasoftware.my.salesforce.com/articles/en_US/INFO/Transport-Layer-Security-TLS-Configuration?popup=false&navBack=H4sIAAAAAAAAAIuuVipWslLyzssvz0lNSU_1yM9NVdJRygaKFSSmp4ZkluSA-KVAvn58aaZ-NkyhPpCDosu-ODWxKDnDtiSnWKk2FgCVJE8AWAAAAA
systemlogs\RegExtractsps-ver.txtContains a registry Extract of the contents of:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell

Still a work in progress but the intention is to show the version of PowerShell installed which can be done by seeing what key nodes have been created under this path. Powershell queries can do this better which makes this a legacy method
systemlogs\RegExtractsNETinstalled-ver.txtContains a registry Extract of the contents of:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP

Shows what version of .NET is installed, the key nodes will be named which version is in use. A legacy way to gather this information. PS scripts do it better
systemlogs\NetworkTests\pingtest.txtShows the logs of a ping to www.flexera.com to confirm if connectivity to ping internet locations is available
ipconfig.txtShows a local overview of network options in use on the system, ip/domain/dns information
systemlogs\OSInformationsysteminfo.txtShows a general overview of windows environmental information, a combination of several sources of information (OS version, network, etc)
systemlogs\OSInformationsn.txtShows the local Serial Number as defined by the system Bios.
Useful if needing to cross check the system in the DB
systemlogs\PerformanceCpuload.txtShows the current cpu stress levels as per script runtime. Useful to determine if server is having performance issues
systemlogs\PerformanceHddspec.txtShows what HDD?s are available on the system, useful for tracking down an installation of FNMS if it was moved
systemlogs\PerformanceHddspace.txtShows how much space is remaining on the systemdrive as per runtime, useful if logs are being inconsistent. Low space is a culprit of logs not being able to generate properly amongst many other system issues.
\systemlogs\ApplicationsWmi-installed.csvA list of installed applications according to the WMIC service, queries the control panel ?add remove programs?
\systemlogs\Applicationswmi-installed.txtA list of installed applications according to the WMIC service, queries the control panel ?add remove programs?
systemlogs\Taskswmi-services.txtShows a list of currently running Services on the machine, useful for determing if the Flexera services are active and also what they run as
systemlogs\OSTasksscheduledtasks.csvShows the current scheduled task list, what is running and what is scheduled to run along with account credentials for each as well as the runcode (failure, success etc)
systemlogs\OSTasksProcesslist.csvShows the current processlist at time of running, shows what executibles are running, memory and cpu usage and PID
systemlogs\OSTasksTasklist.csvShows the current scheduled task list in a more basic form, what is running and what is scheduled to run along with account credentials for each as well as the runcode (failure, success etc)
systemlogs\OSTasksTasklist.txtShows the current scheduled task list in a more basic form, what is running and what is scheduled to run along with account credentials for each as well as the runcode (failure, success etc)
systemlogs\NetworkTests\netstat.txtShows the local network status of the device, what is listening on what ports and what connectivity is available. Useful for troubleshooting local firewall issues
systemlogs\OSInformation\Installedwinupdates.txtA list according to WMIC of the currently installed windows updates
systemlogs\OSInformation\Iever.txtShows the currently installed IE version
systemlogs\currentuser\whoisthis.txtShows information about the current user, in this file it shows who executed the script
systemlogs\IIS\apppools.xmlShows the current IIS AppPool settings in use in xml form
systemlogs\IIS\sites.xmlShows the current IIS site settings in use in xml form
systemlogs\NetworkTestscertstore.txtShows the contents of the current Certificate store using certutil -store
systemlogs\NetworkTestscertdump.txtShows the contents of the current certificate using certutil ?dump
systemlogs\OSInformation\eviewerlogs-system.evtxA log extract from the current OS system showing all system logs, useful for diagnosing system level issues
systemlogs\OSInformation\eviewerlogs-application.evtxA log extract from the current OS system showing all application logs, useful for diagnosing application level issues
systemlogs\OSInformation\eviewerlogs-security.evtx*DISABLED BY DEFAULT DUE TO SECURITY GATHERING CONCERNS*
A log extract from the current OS system showing all security logs, useful for diagnosing security level issues
systemlogs\OSInformation\installed-roles-and-features-legacy.txt*LEGACY ONLY WORKS ON WINSVR2K8*
Shows what roles and features are installed on the system, replaced with a powershell script above 2k8 [pending implementation to the script], this is here for legacy purposes
systemlogs\OSInformation\installed-roles-and-features-PS.txtAs above, the powershell variant for versions above 2k8
systemlogs\OSInformation\moresysteminfo.txtA WMIC output of general system information, its more detailed version of ?systeminfo?
systemlogs\Filepathinfo\cprogdump.txtA full filepath directory return of the following directories:
C:\program files, c:\program files (x86), c:\programdata

Useful for discovering what is installed or what files are left behind such as out of place files in the fnms installation
systemlogs\Filepathinfo\dprogdump.txtA full filepath directory return of the following directories:
d:\program files, d:\program files (x86), d:\programdata

Useful for discovering what is installed or what files are left behind such as out of place files in the fnms installation
systemlogs\Filepathinfo\eprogdump.txtA full filepath directory return of the following directories:
d:\program files, d:\program files (x86), d:\programdata

Useful for discovering what is installed or what files are left behind such as out of place files in the fnms installation
systemlogs\Applicationsdetailed-installedsoftware.txtA powershell script to show what installed software is available, alternative to the wmic method
systemlogs\OSInformation\detailed-computersystem.txtA powershell script to show what the system information is, an alternative to systeminfo
systemlogs\currentuser\loggedin-users.txtA powershell script to show what the current user is along with other logged in users, an alternative to the wmic method
systemlogs\OSTasks\detailed-processes.txtA powershell script to show what the current detailed processes are. An alternative to the wmic method
systemlogs\FNMSwebtestshttplocalmanagesoftDL.txtAttempts to do a local http download of managesoftdl/test
This is the FNMS test page component
systemlogs\FNMSwebtestshttpslocalmanagesoftDL.txtAttempts to do a local https download of managesoftdl/test
This is the FNMS test page component
systemlogs\FNMSwebtestssystemlogs\httplocalmanagesoftRL.txtAttempts to do a local http download of managesoftrl/test
This is the FNMS test page component
systemlogs\FNMSwebtestshttpslocalmanagesoftRL.txtAttempts to do a local https download of managesoftrl/test
This is the FNMS test page component
systemlogs\FNMSwebtestshttpLoadMonitoringPage.htmlAttempts to do a local http download of the FNMS monitoring page, only works when ran on the application server
systemlogs\FNMSwebtestshttpsLoadMonitoringPage.htmlAttempts to do a local https download of the FNMS monitoring page, only works when ran on the application server
systemlogs\IIS\IIS-Detaills-PS.txtAttempts to gather IIS confirmation and options via powershell scripts,
systemlogs\NetworkTests\hostfilesGathers the local system hostfiles from \windows\system32\drivers\etc good to see if any manual network redirects are in place
systemlogs\Filepathinfo\
systemusersdirdump.txtA full filepath directory return of the following directories:
C:\users

Useful for discovering managesoft temp files that could not be auto gathered as well as applications that like to hide in users appdata folders
Labels (1)
Was this article helpful? Yes No
100% helpful (1/1)
Version history
Last update:
‎Jan 18, 2019 05:48 PM
Updated by: