Obs/bin/ObsAgent/lib/Scripts/DiagnosticLogRoleConfiguration.json
|
{
"DeploymentLogs": { "Nodes": [ "PhysicalMachines", "AllVms" ], "FileLog": [ "$env:SystemDrive\\CloudDeployment\\Logs\\", "$env:windir\\Logs\\CBS\\" ], "CSVLog": [], "WindowsEventLog": [] }, "BootstrapDiagnostics": { "Nodes": ["PhysicalMachines", "AllVms"], "FileLog": [ "$env:windir\\System32\\Bootstrap\\Logs\\*.etl*" ], "ShareLog": [], "WindowsEventLog": [] }, "BareMetal": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:windir\\logs\\DISM\\DISM.log", "$env:SystemDrive\\Windows\\debug\\", "$env:windir\\Logs\\CBS\\" ], "CSVLog": [], "WindowsEventLog": [ "Setup", "System", "Application", "*Microsoft-Windows-DSC*", "Microsoft-Windows-Health/Diagnostic", "Microsoft-Windows-Kernel-Boot/Operational", "Microsoft-Windows-CodeIntegrity/Operational", "Microsoft-Windows-PowerShell/Operational", "Microsoft-Windows-BitLocker/BitLocker Management", "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational", "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin", "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Verbose", "Microsoft-Windows-SMBServer/Audit", "Microsoft-Windows-SmbClient/Security", "Microsoft-Windows-SmbClient/Audit", "Microsoft-Windows-FailoverClustering/Diagnostic", "Microsoft-Windows-FailoverClustering-NetFt/Verbose", "Microsoft-Windows-Dhcp-Client/Admin", "Microsoft-Windows-Dhcp-Client/Operational" ] }, "ECE": { "Nodes": [ "PhysicalMachines", "AllVms" ], "FileLog": [ "$env:SystemDrive\\maslogs\\", "$env:LocalRootFolderPath\\maslogs\\", "$env:SystemDrive\\Observability\\maslogs\\", "$env:SystemDrive\\Observability\\ECE", "$env:SystemDrive\\Observability\\ECEAgent" ], "CSVLog": [], "WindowsEventLog": [ "Microsoft-Windows-WMI-Activity/Operational", "Microsoft-Windows-WinRM/Operational", "Microsoft.AzureStack.LCMController.EventSource/Admin" ], "ScriptExecution":{ "NugetName": "Microsoft.AzureStack.Role.ECE", "ScriptPath":"content\\Powershell\\Scripts\\GetActionPlanInformation.ps1" } }, "ALM": { "Nodes": [ "PhysicalMachines", "AllVms" ], "FileLog": [ "$env:SystemDrive\\Observability\\ALM\\*.etl*", "$env:SystemDrive\\Observability\\ALMSystemAgents\\", "$env:SystemDrive\\Observability\\TraceCollectorAgent\\*.etl*", "$env:SystemDrive\\maslogs\\AgentTrace\\*.etl", "$env:LocalRootFolderPath\\maslogs\\AgentTrace\\*.etl" ], "CSVLog": [], "WindowsEventLog": [] }, "MOC_ARB": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\Observability\\MOC_ARB\\", "$env:systemdrive\\ProgramData\\kva\\kva.log" ], "CSVLog": [ "$env:SystemDrive\\ClusterStorage\\Infrastructure_1\\ArcHci\\ubercrud.log", "$env:SystemDrive\\ClusterStorage\\Infrastructure_1\\ArcHci\\archcilogs_*.zip" ], "WindowsEventLog": [ "Microsoft-Windows-Hyper-V-Config-Admin.evtx", "Microsoft-Windows-Hyper-V-Config-Operational.evtx", "Microsoft-Windows-Hyper-V-Shared-VHDX/Reservation.evtx" ], "ScriptExecution":{ "NugetName": "Microsoft.AzureStack.MocArb.LifeCycle", "ScriptPath":"content\\Scripts\\MocArbLogCollection.ps1" } }, "FleetDiagnosticsAgent": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\Observability\\FleetDiagnosticsAgent\\*.etl*" ], "CSVLog": [], "WindowsEventLog": [] }, "ObservabilityLogmanTraces": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\Observability\\ObservabilityLogmanTraces\\observabilityLogmanTraces.etl*" ], "ShareLog": [], "WindowsEventLog": [] }, "RemoteSupportAgent": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\Observability\\RemoteSupportAgent\\*.etl*" ], "CSVLog": [], "WindowsEventLog": [] }, "OSUpdateLogs": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:windir\\logs\\mosetup\\updateagent.log", "$env:SystemDrive\\`$WINDOWS.~BT\\Sources\\Panther\\setupact.log", "$env:windir\\logs\\windowsupdate\\*.etl*", "$env:windir\\Logs\\CBS\\" ], "CSVLog": [], "WindowsEventLog": [] }, "AutonomousLogs": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\Observability\\AutonomousLogs\\" ], "CSVLog": [], "WindowsEventLog": [] }, "OEMDiagnostics": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\Observability\\OEMDiagnostics\\*.etl*" ], "CSVLog": [], "WindowsEventLog": [] }, "ObservabilityVolume": { "Nodes": [ "PhysicalMachines", "AllVms" ], "FileLog": [], "CSVLog": [], "WindowsEventLog": [ "Microsoft-AzureStack-Observability/Operational" ] }, "HostNetwork": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\Observability\\HostNetwork\\NetworkAtcTracing\\NetworkAtcTrace_*.etl*", "$env:LocalRootFolderPath\\NetworkAtcTracing\\NetworkAtcTrace_*.etl*" ], "WindowsEventLog": [ "Microsoft-Windows-Networking-NetworkAtc/Admin", "Microsoft-Windows-Networking-NetworkAtc/Operational" ], "ScriptExecution":{ "NugetName": "Microsoft.AS.Network.Deploy.HostNetwork", "ScriptPath":"content\\Powershell\\Scripts\\HostNetworkLogCollection.ps1" } }, "Health": { "Nodes": [ "PhysicalMachines", "AllVms" ], "FileLog": [ "$env:SystemDrive\\Observability\\HealthAndMonitoring\\Diagnostics\\HealthAgent\\*Health.HealthAgent*.etl*", "$env:SystemDrive\\Observability\\HealthAndMonitoring\\Diagnostics\\HealthAgent\\CommonInfra\\*Health.HealthAgent.CommonInfra*.etl*", "$env:SystemDrive\\Observability\\HealthAndMonitoring\\Diagnostics\\HealthService\\*Health.HealthService*.etl*" ] }, "HCICloudService": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:systemdrive\\Users\\HciDeploymentUser\\Documents\\Register*.log", "$env:systemdrive\\Users\\HciDeploymentUser\\Documents\\Unregister*.log", "$env:systemdrive\\ProgramData\\AzureConnectedMachineAgent\\Log\\*.log", "$env:SystemDrive\\CloudContent\\*.log", "$env:LocalRootFolderPath\\CloudContent\\*.log", "$env:windir\\Windows\\Tasks\\ArcForServers\\*.log" ], "CSVLog": [], "WindowsEventLog": [ "Microsoft-AzureStack-HCI/Admin", "Microsoft-AzureStack-HCI/Debug", "Microsoft-AzureStack-HCI-ClusterAgent/Admin", "Microsoft-AzureStack-HCI-ClusterAgent/Debug", "Microsoft-Edge-DeviceManagementExtension/DeviceManagementService" ] }, "DownloadService": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\Observability\\Download\\Standalone\\*Microsoft.AzureStack.Download.DownloadStandalone*.etl*", "$env:SystemDrive\\Observability\\Download\\Service\\*Microsoft.AzureStack.Download.DownloadService*.etl*", "$env:SystemDrive\\Observability\\Download\\CauDebugTraces\\*.zip", "$env:SystemDrive\\Observability\\Download\\UdiSessions\\Scan-*\\udiapi.log", "$env:SystemDrive\\Observability\\Download\\UdiSessions\\Download-*\\udiapi.log", "$env:windir\\Logs\\CBS\\CBS.log", "$env:windir\\Logs\\MoSetup\\udiapi-osget*.log", "$env:windir\\Logs\\MoSetup\\UpdateAgent*.log", "$env:windir\\Logs\\MoSetup\\ActionList.xml", "$env:windir\\Logs\\MoSetup\\DeviceInventory.xml" ], "CSVLog": [ "$env:SystemDrive\\ClusterStorage\\Infrastructure_1\\Shares\\SU1_Infrastructure_1\\Updates\\GetCauOutput\\" ], "WindowsEventLog": [] }, "URP": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\Observability\\URP\\*AzureStack.Update.Admin*.etl*" ], "CSVLog": [ "$env:SystemDrive\\ClusterStorage\\Infrastructure_1\\Shares\\SU1_Infrastructure_1\\Updates\\HealthCheck\\*\\*.json" ], "WindowsEventLog": [] }, "ArcAgent": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\ProgramData\\AzureConnectedMachineAgent\\Log" ], "CSVLog": [], "WindowsEventLog": [] }, "Extension": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\ProgramData\\GuestConfig\\ext_mgr_logs", "$env:SystemDrive\\ProgramData\\GuestConfig\\arc_policy_logs", "$env:SystemDrive\\ProgramData\\GuestConfig\\extension_logs", "$env:SystemDrive\\ProgramData\\GuestConfig\\extension_reports" ], "CSVLog": [], "WindowsEventLog": [] }, "CommonInfra": { "Nodes": [ "PhysicalMachines", "AllVms" ], "FileLog": [ "$env:SystemDrive\\Observability\\CommonInfra\\Service\\*AzureStack.Common.Infrastructure*.etl*", "$env:SystemDrive\\Observability\\CommonInfra\\Middleware\\*AzureStack.Common.Infrastructure.Middleware*.etl*" ], "CSVLog": [], "WindowsEventLog": [] }, "VirtualMachines": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\Observability\\InfraVM\\*AzureStack.Roles.VirtualMachines*.etl*" ], "CSVLog": [], "WindowsEventLog": [] }, "CloudManagementConfig": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\Observability\\CloudManagement\\*ASZ.CloudManagement*.etl*" ], "CSVLog": [], "WindowsEventLog": [] }, "TestObservability": { "Nodes": [ "PhysicalMachines" ], "FileLog": [ "$env:SystemDrive\\Observability\\TestObservability" ], "CSVLog": [], "WindowsEventLog": [] }, "UtcGenevaExporter": { "Nodes": ["PhysicalMachines"], "FileLog": [ "$env:SystemDrive\\Observability\\UtcGenevaExporter\\" ], "ShareLog": [], "WindowsEventLog": [] } } |