Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Overview
There may be a time when Netlogon Debug Logging is required over a prolonged period of time, and all entries must be saved. The standard size of the Netlogon.log is 20mb which rolls over to a 20mb Netlogon.bak file. On a busy server, this can result in a rollover time of an hour or less. One option is to increase the size of the log, but that results in text files that take longer to parse through
The sample script below does the following:
- Monitors for changes to the netlogon.bak file [configurable interval]
- When a change is detected, it will compress the file, and name the .zip to be a combination of the server name and timestamp
- If the change was on server1 on 6/1/2012 at 1:30pm
SERVER1 netlogon 2012-6-1 H13 M30 S0.zip
- If the change was on server1 on 6/1/2012 at 1:30pm
- The location of the zip file is configurable
Script Limitations
- Must be ran directly on each server
- Does not recover from a reboot
- Has no error handling
This script can be enhanced or modified to suit other logs and other purposes.
**DISCLAIMER: This sample script is provided AS-IS with no warranties and confers no rights.
**
Sample PowerShell Code
################################################################
#SCRIPT TITLE Netlogon archival
#AUTHOR Joji Oshima - Microsoft Corporation
#VERSION 1.0
################################################################
# Configuration Section
$loglocation = "c:\windows\debug\netlogon.bak" #location of the netlogon.bak file
$ziplocation = "c:\temp\ #location we want the zip files
$interval = 15 #seconds between checks
#functions
function New-Zip
{
param([string]$zipfilename)
set-content $zipfilename ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
(dir $zipfilename).IsReadOnly = $false
}
function Add-Zip
{
param([string]$zipfilename)
if(-not (test-path($zipfilename)))
{
set-content $zipfilename ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
(dir $zipfilename).IsReadOnly = $false
}
$shellApplication = new-object -com shell.application
$zipPackage = $shellApplication.NameSpace($zipfilename)
foreach($file in $input)
{
$zipPackage.CopyHere($file.FullName)
Start-sleep -milliseconds 500
}
}
# Program Start
$last = (get-item $loglocation).lastwritetime
$computer = gc env:computername
# Loop until we cancel
do
{
$latest = (get-item $loglocation).lastwritetime
$now = get-date
cls
Write-Host "`n"
Write-Host " WARNING: This script sample is provided AS-IS with no warranties and confers no rights." -ForegroundColor Yellow
Write-Host " This script sample is NOT intended for production use." -ForegroundColor Yellow
Write-Host " There is NO error handling and is not ready for mission-critical work." -ForegroundColor Yellow
Write-Host "`n This script sample will attempt to archive the netlogon debug logs`n"
Write-Host "`n Press CTRL-C to stop the script.`n" -ForegroundColor Yellow
Write-Host " Last Checked: $now" -ForegroundColor Green
$now = $now.AddSeconds($interval)
Write-Host " Next Check: $now" -ForegroundColor Green
Write-Host " ---------------------------------" -ForegroundColor Green
if ($last -eq $latest)
{
Write-Host " No change`n" -ForegroundColor Green
$latest
$last
}
else
{
Write-Host " Change detected! Archiving $loglocation`n" -ForegroundColor Yellow
$latest
$last
$last = $latest
$year = $latest.Year
$month = $latest.Month
$day = $latest.Day
$hour = $latest.Hour
$minute = $latest.Minute
$second = $latest.Second
new-zip $ziplocation"$computer netlogon $year-$month-$day H$hour M$minute S$second.zip"
dir $loglocation | add-zip $ziplocation"$computer netlogon $year-$month-$day H$hour M$minute S$second.zip"
}
Start-Sleep -s $interval
} until ($last -eq 0)
################################################################
Acknowledgements & Links
The zipping functionality of this script was used from David Aiken's MSDN Blog.
Compress Files with Windows PowerShell then package a Windows Vista Sidebar Gadget
http://blogs.msdn.com/b/daiken/archive/2007/02/12/compress-files-with-windows-powershell-then-package-a-windows-vista-sidebar-gadget.aspx
Enabling Netlogon Debug Logging
http://support.microsoft.com/kb/109626