Obs/bin/Configs/ArcAutonomous/DiagnosticLogRoleConfiguration.json

{
    "DeploymentLogs": {
        "Nodes": ["PhysicalMachines", "AllVms"],
        "FileLog": [
            "$env:SystemDrive\\CloudDeployment\\Logs\\",
            "$env:SystemDrive\\Windows\\Networkatctrace.etl"
        ],
        "ShareLog": [],
        "WindowsEventLog": []
    },
    "BareMetal": {
        "Nodes": ["PhysicalMachines"],
        "FileLog": [
            "$env:windir\\logs\\DISM\\DISM.log",
            "$env:windir\\Logs\\CBS\\"
        ],
        "ShareLog": [],
        "WindowsEventLog": [
            "Setup",
            "System",
            "Application",
            "*Tracecollector*",
            "*Microsoft-Windows-DSC*",
            "Microsoft-Windows-Health/Diagnostic",
            "Microsoft-Windows-Kernel-Boot/Operational",
            "Microsoft-Windows-CodeIntegrity/Operational"
        ]
    },
    "ECE": {
        "Nodes": ["PhysicalMachines", "AllVms"],
        "FileLog": [
            "$env:SystemDrive\\maslogs\\",
            "$env:SystemDrive\\Observability\\maslogs\\",
            "$env:SystemDrive\\Observability\\ECE",
            "$env:SystemDrive\\Observability\\ECEAgent"
        ],
        "ShareLog": [],
        "WindowsEventLog": [
            "Microsoft-Windows-WMI-Activity/Operational",
            "Microsoft-Windows-WinRM/Operational"
        ]
    },
    "ALM": {
        "Nodes": ["PhysicalMachines", "AllVms"],
        "FileLog": [
            "$env:SystemDrive\\Observability\\ALM\\*.etl*",
            "$env:SystemDrive\\Observability\\ALMSystemAgents\\",
            "$env:SystemDrive\\Observability\\TraceCollectorAgent\\*.etl*"
        ],
        "ShareLog": [],
        "WindowsEventLog": []
    },
    "MOC_ARB": {
        "Nodes": ["PhysicalMachines"],
        "FileLog": [
            "$env:SystemDrive\\Observability\\MOC_ARB\\"
        ],
        "ShareLog": [],
        "WindowsEventLog": []
    },
    "FleetDiagnosticsAgent": {
        "Nodes": ["PhysicalMachines"],
        "FileLog": [
            "$env:SystemDrive\\Observability\\FleetDiagnosticsAgent\\*.etl*"
        ],
        "ShareLog": [],
        "WindowsEventLog": []
    },
    "ObservabilityAgent": {
        "Nodes": ["PhysicalMachines"],
        "FileLog": [
            "$env:SystemDrive\\Observability\\ObservabilityAgent\\*.etl*"
        ],
        "ShareLog": [],
        "WindowsEventLog": []
    },
    "ObservabilityLogmanTraces": {
        "Nodes": ["PhysicalMachines"],
        "FileLog": [
            "$env:SystemDrive\\Observability\\ObservabilityLogmanTraces\\observabilityLogmanTraces*.etl*"
        ],
        "ShareLog": [],
        "WindowsEventLog": []
    },
    "RemoteSupportAgent": {
        "Nodes": ["PhysicalMachines"],
        "FileLog": [
            "$env:SystemDrive\\Observability\\RemoteSupportAgent\\*.etl*"
        ],
        "ShareLog": [],
        "WindowsEventLog": []
    },
    "OSUpdateLogs": {
        "Nodes": ["PhysicalMachines"],
        "FileLog": [
            "$env:windir\\logs\\mosetup\\updateagent.log",
            "$env:SystemDrive\\`$WINDOWS.~BT\\Sources\\Panther\\setupact.log",
            "$env:windir\\logs\\windowsupdate\\*.etl*"
        ],
        "ShareLog": [],
        "WindowsEventLog": []
    },
    "AutonomousLogs": {
        "Nodes": ["PhysicalMachines"],
        "FileLog": [
            "$env:SystemDrive\\Observability\\AutonomousLogs\\"
        ],
        "ShareLog": [],
        "WindowsEventLog": []
    },
    "OEMDiagnostics": {
        "Nodes": ["PhysicalMachines"],
        "FileLog": [
            "$env:SystemDrive\\Observability\\OEMDiagnostics\\*.etl*"
        ],
        "ShareLog": [],
        "WindowsEventLog": []
    },
    "ObservabilityVolume": {
        "Nodes": ["PhysicalMachines", "AllVms"],
        "FileLog": [],
        "ShareLog": [],
        "WindowsEventLog": [
            "Microsoft-AzureStack-Observability/Operational"
        ]
    },
    "NC": {
        "Nodes": ["NC"],
        "FileLog": [
            "$env:SystemDrive\\Observability\\NC\\SDNDiagnostics\\*SDNDiagnosticsTrace*.etl*"
        ],
        "ShareLog": [],
        "WindowsEventLog": []
    },
    "Health": {
        "Nodes": ["PhysicalMachines", "AllVms"],
        "FileLog": [
            "$env:SystemDrive\\Observability\\HealthAndMonitoring\\Diagnostics\\HealthAgent\\*Health.HealthAgent*.etl*",
            "$env:SystemDrive\\Observability\\HealthAndMonitoring\\Diagnostics\\HealthAgent\\CommonInfra\\*Health.HealthAgent.CommonInfra*.etl*",
            "$env:SystemDrive\\Observability\\HealthAndMonitoring\\Diagnostics\\HealthService\\*Health.HealthService*.etl*"
        ]
    },
    "HCICloudService": {
        "Nodes": ["PhysicalMachines"],
        "FileLog": [
            "$env:systemdrive\\Users\\HciDeploymentUser\\Documents\\Register*.log",
            "$env:systemdrive\\Users\\HciDeploymentUser\\Documents\\Unregister*.log",
            "$env:systemdrive\\ProgramData\\AzureConnectedMachineAgent\\Log\\*.log",
            "$env:windir\\Windows\\Tasks\\ArcForServers\\*.log"
        ],
        "ShareLog": [],
        "WindowsEventLog": [
            "Microsoft-AzureStack-HCI/Admin",
            "Microsoft-AzureStack-HCI/Debug",
            "Microsoft-AzureStack-HCI-ClusterAgent/Admin",
            "Microsoft-AzureStack-HCI-ClusterAgent/Debug"
        ]
    },
    "DownloadService": {
        "Nodes": ["PhysicalMachines"],
        "FileLog": [
            "$env:SystemDrive\\Observability\\Download\\Standalone\\*Microsoft.AzureStack.Download.DownloadStandalone*.etl*",
            "$env:SystemDrive\\Observability\\URP\\UdiSessions\\udiapi.log",
            "$env:SystemDrive\\Observability\\URP\\UdiSessions\\metadata\\*.AggregatedMetadata.cab",
            "$env:SystemDrive\\ClusterStorage\\Infrastructure_2\\Shares\\SU1_Infrastructure_2\\Updates\\GetCauOutput\\*.cab"
        ],
        "ShareLog": [],
        "WindowsEventLog": []
    }
}