Keeping backups of Cluster Logs

  • Article

In a previous blog, Understanding the Cluster Debug Log in 2008, you were given the information on how Cluster logging in Windows 2008 Failover Clustering and beyond has changed from the earlier versions. In this blog, you were shown how the size of the log can be manipulated in order to keep a recommended 72 hours’ worth of data. Just to recap:

It is generally recommended that your CLUSTER.LOG have at least 72 hours’ worth of continuous data retention. This is so that if you have a failure occur after you went home on Friday, you still have the data you need to troubleshoot the issue on Monday morning’

What if you wanted to get information from further back (i.e. a week, a month, etc)? One of the ways you could do this is to increase the size of the log with the /SIZE: switch. However, increasing the size for say a month could get you into gigabytes of space being used and text files being massive and hard to go through. Have you ever tried to open a 1 gigabyte text file with Notepad?

Here is a way that you can keep the file at a smaller size and keep backups that can be referred back to at any time. First, you must determine what size is needed to hold 24 hours’ worth of data. This way, you can have a Cluster Log generated for every day. The next thing to consider is where you want to store the files, local or network share. What if you wanted to do this for multiple Clusters? Let’s say that you figured that you need the log size to be at 200meg and you are going to put it on a server (JOHNMARLIN).

The previous blog mentioned will have you run the command Cluster Log /Size:200 to set the proper size based on the data needed. I do this for all my Clusters. I then go out to my JOHNMARLIN server and create a share for each Cluster (TXCLUSTER, NCCLUSTER, etc). Now I just have to go to one node in each of the Clusters to set things up.

On the node you doing the task on, go into Control Panel - Region and Language and change the Short date to yyyy-MM-dd.

image

On this node, you could create a CLUSTERLOG folder off the root of Drive C:. In this C:\CLUSTERLOG directory, create a batch file called Get-Logs.bat that has the following commands:

Net use j: /d
Net use j: \\johnmarlin\txcluster
Md j:\%date%
Cluster log /gen /copy:"c:\clusterlog"
Copy c:\clusterlog\*.log j:\%date%\*.log
Net use j: /d

I used Drive Letter J:, but you can use any available letter. So what the batch file will do when run today (June 18, 2012) is: 

1. It will create a folder on the share named by the date

a. 2012-06-18

2. It will generate the Cluster on every node

3. It will copy the cluster logs from all nodes to the local c:\clusterlog folder and tag the Node Name as part of the filename

a. TXCLUSTER-node1_cluster.log
b. TXCLUSTER-node2_cluster.log
c. TXCLUSTER-node3_cluster.log
d. TXCLUSTER-node4_cluster.log

4. It will copy the cluster logs from this c:\logs folder to the share folder with the date and keeping the same name

a. \2012-06-18\TXCLUSTER-node1_cluster.log
b. \2012-06-18\TXCLUSTER-node2_cluster.log
c. \2012-06-18\TXCLUSTER-node3_cluster.log
d. \2012-06-18\TXCLUSTER-node4_cluster.log

When it runs the next day:

1. It will create a folder on the share named by the date

a. 2012-06-19

2. It will generate the Cluster on every node

3. It will copy the cluster logs from all nodes to the local c:\clusterlog folder and tag the Node Name as part of the filename

a. TXCLUSTER-node1_cluster.log
b. TXCLUSTER-node2_cluster.log
c. TXCLUSTER-node3_cluster.log
d. TXCLUSTER-node4_cluster.log

4. It will copy the cluster logs from this c:\clusterlog folder to the share folder with the date keeping the same name

a. \2012-06-19\TXCLUSTER-node1_cluster.log
b. \2012-06-19\TXCLUSTER-node2_cluster.log
c. \2012-06-19\TXCLUSTER-node3_cluster.log
d. \2012-06-19\TXCLUSTER-node4_cluster.log

It runs the next day, it creates the next dated folder and files. This way, you have an easily sorted folder structure that you can go to any day you want and get the file you need from whichever node you need.

The next thing to do is set up a Scheduled Task to run each day so it creates the files for you. This way, you do not have to remember to do it. From the Administrative Tools, open up Task Scheduler and select Create Task. You can then use the below information to create the task.

A. General Tab

i. For the Name, call it something like Cluster Daily Log Backups
ii. make sure use an account that has admin rights to this node, to the Cluster, and the network share
iii. select Run whether user is logged in or not
iv. You will also need to select Run with highest privileges

image

B. Triggers Tab

i. Set whatever time you want it to run.  One thing to keep in mind is that the Cluster Log is in GMT time, so account for it when deciding when to have them created
ii. Select it to run daily and recur for 352 days
iii. Make sure is Enabled

image

C. Actions Tab

i. Program/Script will be CMD.EXE
ii. Add Arguments will be /C C:\Logs\Get-Logs.bat

image

D. Conditions Tab

i. Don't really need change anything unless want to

E. Settings Tab

i. Check Allow task to be run on demand
ii. Check Run task as soon as possible after scheduled start is missed

image

So now you have your task that will do this for you. You can now just sit back and relax knowing that you will have a Cluster Log generated for every node every day.

There are a couple caveats to this that you must take into consideration. If the account you are using has its password changed on the domain, you will have to change it on the task as well.  It will stop running after 352 days, so if you want more, you would have to create it again.  But you will have a year's worth of Cluster Logs when it is done. 

There are other ways of doing this. You could use scripting and the PowerShell command:

Get-ClusterLog –Destination

You could also use other methods than the batch file. This is just one of the ways of doing it.

 

Happy Clustering !!!

John Marlin
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support