PowerShell function that super simplifies getting the right SCCM log
The solution to the "I don't know which SCCM log should I open?" question
4 min read
As you probably know SCCM has great logging capability. Almost every action is logged...in some log which is stored somewhere. These words some and somewhere are really important though 😀.
To make it more interesting if you try to solve issue like "why isn't this application deploying?" you have to open not one, but several logs to get the solution. Moreover, some logs are stored on the client side, some on the server side. And there are also several locations where the logs are stored. Not mentioning the dynamically named logs.
There is a nice official page with list of all available logs and their description. But it's quite long and it can take a while to find the correct information.
So what I've done is that I've created PowerShell function Get-CMLog that solves all those complications I've mentioned above and more 🤯!
Install module SCCMStuff , import it and call function
Get-CMLog or download, dot source, and then run
Get-CMLog function like this
As you can see this test shows debugging SCCM client installation issue so the function opens ccmsetup, ccmrepair, client.msi,... logs in the Log Viewer application.
What SCCM log should I open?
This is the hardest part, right?
For each issue you can encounter there are different logs to check. For "Application Installation" there are 'AppDiscovery', 'AppEnforce', 'AppIntentEval', 'Execmgr'. For "PXE" related issues 'Distmgr', 'Smspxe', 'MP_ClientIDManager' etc.
To get some more examples, check official documentation, mainly the Log files by functionality part.
And that is what I did too when Get-CMLog function was created.
I took all these by-functionality-grouped logs and make them available through
Area parameter which therefore lets you specify what kind of problem you have. For example:
Compliance, etc (its approx 50 of them).
Get-CMLog function then decides what logs should be opened, output description for each of them, and opens them in preferred log viewer application 👍.
TIP: you can use the parameter
maxHistoryto open archived logs too
What is the log purpose?
Log purpose/description can be found again in official documentation.
TIP: What I made to be able to show this information was to request the official documentation page content, extract just HTML tables and convert them to PSObject using my ConvertFrom-HTMLTable function and cache the results to an XML file (so the next request can be faster).
Where are the SCCM logs stored?
Client logs locations:
C:\Windows\CCM\Logs(SCCM client processing logs)
C:\Windows\ccmsetup\Logs(SCCM client installation logs)
C:\Windows\Temp(SCCM Remote Control logs)
C:\Program Files (x86)\Microsoft Endpoint Manager\AdminConsole\AdminUILog\(SCCM console logs)
Server logs locations:
C:\Program Files\Microsoft Configuration Manager\Logs
C:\Program Files\Update Services\LogFiles(WSUS)
C:\Program Files\Configuration Manager\Logs\M365A(Service Connection Point)
But as I said, you don't have to worry about it anymore.
What viewer use to open the logs?
It is always better to open the logs in
CMTrace instead of
Notepad, but it is even better to use
One Trace because these can merge multiple logs into one view 😀!
Get-CMLog tries to find these and if not successful, uses default associated viewer instead.
What about archived logs?
As you've probably noticed, SCCM automatically creates a new log when reaching internal threshold. Old log is then renamed to:
To take this into account function
maxHistory parameter which lets you specify the number of archived logs you want to show (default is 0).
Get-CMLog function to the rescue
The solution to all mentioned "complications" can be my PowerShell function Get-CMLog which:
- Offers dozens of predefined problems "areas" that groups logs by purpose and removes the need to know which log you should open when fixing issue XYZ i.e. opens the right log(s) for you
- Supports TAB completion
- Supports opening logs by name too (function knows where every log should be stored, so just log name is enough information)
- Shows log(s) description
- Supports opening archived log(s)
- Supports opening logs on remote computers
If the log is stored on the SCCM server, you will have to specify the parameter
SCCMServer. Moreover, admin share C$ will be used to access such log, so run function under the proper account.
Problems (area) you have isn't listed?
Get-CMLog probably does not cover all possible SCCM-related problems you can encounter. In case you will miss something, you can customize it on your own or ping me on Twitter ( @AndrewZtrhgf ) and I will modify it.
Did you find this article valuable?
Support Ondrej Sebela by becoming a sponsor. Any amount is appreciated!