How To Collect SCCM Client Logs From ConfigMgr Console
Let’s see how to collect SCCM client logs from ConfigMgr console. You can collect the SCCM logs from the remote client machines by sending a client notification action from Configuration Manager console.
The feature to collect SCCM logs was first introduced in Configuration Manager technical preview 1912. This new feature was next added to SCCM 2002 release as well.
Collecting the log files from remote computers is a really useful for admins who normally require the log files to troubleshoot the ConfigMgr agent related issues.
If you haven’t explored this feature yet, this post should help you in understanding about the SCCM client log collection feature.
Table of Contents
What is Client Log Collection in SCCM?
Client log collection in SCCM is a feature that lets you trigger a client device to upload its logs. The log files are sent to the site server by sending a client notification action from the Configuration Manager console.
The client log collection in SCCM is very useful for admins who don’t want to retrieve log files from remote computers.
Imagine a situation where you as an IT admin would require reviewing SCCM client logs for troubleshooting a remote device.
Without the client log collection feature, the admins had to do the following to get the log files from remote computer.
- Walk up to user desk and manually collect SCCM client logs from the computer.
- If the computer is in a remote location, guide the user the location of Configuration Manager log files and ask user to send it via email.
- Launch CMTrace tool on the computer and connect to admin$ of the remote computer and review the client logs.
- Use a PowerShell script to copy the entire SCCM client log directory (C:\Windows\CCM\Logs) to computer and review the logs.
So as you can see, collecting the log files from remote SCCM computer is a tedious process. Hence, Microsoft introduced the feature to collect SCCM client logs to help admins troubleshoot the issues remotely.
Requirements to Collection SCCM Client Logs
Following are the requirements to collect SCCM logs using SCCM console:
- ConfigMgr Server and Console version should be 2002 or later version.
- You must update the client agent to the SCCM 2002 version (minimum version 5.00. 8968.1008) or later version.
- The client agent on the target computer should be online and must have active status in the SCCM console.
- Your Configuration Manager administrative user needs the Notify resource permission.
- The Full Administrator and Operations Administrator built-in roles have this permission by default.
- A proper connectivity to target computer is a must for collecting the log files.
With all the above prerequisites in place, you can collect SCCM logs from a remote computer.
SCCM Log files for Client Log Collection
When you intend to use the client log collection feature in SCCM, there is a associated log file. The log file associated with client log collection feature is Diagnostics.log.
This diagnostics.log file is located in the following location – C:\Windows\CCM\Logs folder. This log file confirms whether the client logs were sent to SCCM site server or not.
How to Collect SCCM Client Logs using Console
Let’s see how to collect log files from SCCM clients using console:
- In the Configuration Manager console, click Assets and Compliance workspace.
- Right-click on a device and select Client Diagnostics > Collect Client Logs.
Note: You can also select Collect Client Logs under Client Diagnostics from either the Device Collections or Devices node using the ribbon.
To collect the log files from a computer, the client device must be online. The client will be notified to collect the client logs which are further sent to site server. Click OK on the information box.
What happens when you trigger Log File Collection?
When you trigger the client log file collection, the following activities occur in the background:
- A client notification message is sent to the selected clients to gather the SCCM client logs.
- The logs are returned using software inventory file collection.
- You can review diagnostics.log on the client computer. This log file is located along with the other client log files in default location – C:\Windows\CCM\Logs folder.
- The maximum size limit for the compressed client logs is 100 MB
This diagnostics.log should tell you whether the client log files were sent to site server successfully or not. The line FileCollection: Successfully sent report confirms the log files were sent successfully to the site server.
Collecting log files ... DiagnosticsEndpoint PowerShell path: C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe DiagnosticsEndpoint FileCollection: Successfully sent report. Destination:mp:MP_SinvCollFileEndpoint, ID: {FDED4A8B-0D9C-4577-9E69-7B9A485AD5B9}, Timeout: 10080 minutes MsgMode: Signed, Not Encrypted DiagnosticsEndpoint
View the Client Logs from Console
In the above step we successfully gathered the client log files from remote computer. To view the log files, you must again use the Configuration Manager console.
To view the collected log files from ConfigMgr console:
- In the console, go to Devices node, right-click on the device you want to view logs for.
- Select Start, then select Resource Explorer.
- From Resource Explorer, click on Diagnostic Files.
- From the list of options, click View File and open the log files from CcmLogDataCollector\Logs folder.
On the Resource Explorer window, click Diagnostic Files and in the right pane you will see some fields.
- Collection Date
- File Name
- File Path
- Client Logs File Size (Bytes)
- Last Date Modified
When you right click the collected log file info, you get set of options.
- Open Support Center
- Copy
- View file
- Save
- Export
- Refresh
- Properties
When you click Open Support Center, the Configuration Manager Support Center viewer opens. It loads all the log files along with full path and name. To view a log file, simply double-click any file, and you can view the log file in Log Viewer tool.
Read: Tools to View SCCM log files
The next two options include Copy and View File. The Copy option copies the row information from Resource Explorer. While the View file opens the folder where the zip file is located with File Explorer.
Export the Client Logs
After you collect SCCM client logs, you can export the client logs and save it on your computer. The last two options are Save and Export. Save option opens a Save File dialog for the selected file.
Clicking Export saves the Resource Explorer columns shown in Diagnostic Files.
is there a way to trigger this action through WMI trigger schedules or any other way that can be scripted? it’s not listed in the documentation for WMI TriggerSchedule Method.
Hi, is there an option to collect an additional Custom Logfile with this function? Or I have to use the origin Software Inventory Collection feature. Thanks.
Tom
I’m receiving a similar error any solution? Any assistance is much appreciated.
PowerShell path: C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe
GetAllCcmLogs: Non-zero exit code. 5.
GetAllCcmLogs: Failed. 0x80004005.
Also, I have confirm the following:
Client Version: 5.00.9040.1044
Client online and shows as active in console
Client Check result Passed
Is the output in .json/CEF format or can it be in order to be ingested by a SIEM for example?
Thank you for your kind words
Great Article! Thank you. When I open an individual log file, there is a Live Update button but the flyout message that not all files support this feature. Would you know which Files support the Live Update feature?
Thanks
Hello, Prajwal!
I tried to get the logs of my client and this error was showed for me.
” GetAllCcmLogs: Failed. 0x80004005. DiagnosticsEndpoint 16/10/2020 16:16:17 1860 (0x0744) ”
Is There any recommendation?
Thanks in advance.
Check if the client is upgraded to latest version and is the client online and shows as active in console ?.
i am also getting same error any solution so far on this?