Windows 2008 Clustering & the Cluster Log

 

Where is the cluster log in Windows 2008?

The short answer is that it's no longer there. On a Windows 2008 cluster node, if you navigate to %systemroot%\system32\LogFiles\Cluster you won't find the cluster.log file anymore.

Why? It's been replaced by a much more sophisticated event-based tracing system.

The Vista\Windows Server 2008 Event Model is the next generation of Windows Event Logging and replaces the current version of the Event Log shipped in Microsoft® Windows® 2003 Server, Microsoft® Windows® XP, Windows 2000, and previous versions of Microsoft® Windows NT®.

The new model is a major update to the NT Event Log service. It maintains 100% backwards compatibility with the existing APIs and functionality and fully leverages the existing NT Event Log instrumentation in the applications and services. At the same time, it eliminates some of the limitations of the NT Event Log and provides additional features to better support monitoring and diagnostics of Windows applications, services, components, and drivers.

In a future post I will go through the new logging and tracing features for clusters in Windows 2008, but for now let's look at how to get access to the old familiar cluster.log file.

Here's how to go about it.

1. Go to a command prompt.

2. Type: Cluster /Cluster:yourclustername log /gen /copy "C:\temp"
   You should get output as follows:

[Screenshot: output of the command]

3. Navigate to the c:\temp directory and there you will find the .log files for each node of your cluster.

The cluster log can now be opened in Notepad.

Please note that you need to run this command after each change, as it's not dynamically updated like the old .log file.