Environment
Objective
On occasion Support may request an export of the Windows Event Viewer logs to assist with troubleshooting in addition to any Carbon Black logs relevant to an issue.
Resolution
1. Open Event Viewer in Windows
   - For Windows 10 right click the Windows button
   - Select Event Viewer
2. In the far left pane expand Windows logs
3. Under Windows logs highlight "Application"
4. In the far right pane select the option for: "Save all events as"
5. Name the file "Application (case number)"
6. Save the file to a preferred location
7. Under Windows logs highlight "System"
8. Repeat steps 4 – 6.
Note: Please name the file "System (case number)" for this step
Once the system and application logs have been exported and saved, please proceed with the following:
1. Create a folder on the desktop called Events
2. Copy/paste the system and application events exported into the folder
3. Right click on the folder and point to the option for "Send to"
4. Select the option for "Compressed (zipped) folder"
5. Upload the folder to the Cb Evidence Vault located here: Cb Vault
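A scripted equivalent of the manual export and zip steps above, as an added example that is not part of the original article and is not a Carbon Black tool. It assumes Windows PowerShell 5.0 or later (for Compress-Archive); the `CaseNumber` parameter name and the `.evtx` extension (Event Viewer's default save format) are assumptions of the example.

```powershell
# Added example: exports the Application and System logs, names them with the
# case number, places them in Desktop\Events and zips that folder.
param(
    [Parameter(Mandatory = $true)]
    [string]$CaseNumber   # assumption: the support case number, typed by the operator
)

$ErrorActionPreference = 'Stop'

# Reject characters that cannot appear in a Windows file name.
if ($CaseNumber.IndexOfAny([IO.Path]::GetInvalidFileNameChars()) -ge 0) {
    throw "Case number '$CaseNumber' contains characters not allowed in a file name."
}

# Folder called "Events" on the current user's desktop, as in the manual steps.
$desktop   = [Environment]::GetFolderPath('Desktop')
$eventsDir = Join-Path $desktop 'Events'
New-Item -ItemType Directory -Path $eventsDir -Force | Out-Null

foreach ($log in 'Application', 'System') {
    # Produces "Application (case number).evtx" and "System (case number).evtx".
    $target = Join-Path $eventsDir ('{0} ({1}).evtx' -f $log, $CaseNumber)

    # "epl" is wevtutil's export-log command; /ow:true overwrites an earlier export.
    wevtutil.exe epl $log $target /ow:true
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil could not export the $log log (exit code $LASTEXITCODE)."
    }
}

# Same result as Send to > Compressed (zipped) folder: the zip contains the Events folder.
$zip = Join-Path $desktop 'Events.zip'
Compress-Archive -Path $eventsDir -DestinationPath $zip -Force

# Record a SHA-256 of the archive so the uploaded copy can be checked against it.
Get-FileHash -Path $zip -Algorithm SHA256 | Select-Object Path, Hash
```

The resulting `Events.zip` on the desktop is the file to upload in the final step.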
Additional Notes
These steps are only relevant to exporting the Windows application and system event viewer logs. The event logs should only be needed when requested by a support representative for troubleshooting a product-related issue on a Windows operating system. If an administrator is unable to export the event viewer logs for any reason, please contact Microsoft to assist.
Related Content
Cb Vault
Diagnostic utility to collect Carbon Black endpoint logs
Download, prepare and begin a low-altitude Process Monitor (procmon) capture
Windows Event Log (Windows) https://msdn.microsoft.com/en-us/library/windows/desktop/aa363632(v=vs.85).aspx
#EndpointStandard #EDR #AppControl