forked from microsoft/hcsshim
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathGet-ContainerLogs.ps1
More file actions
102 lines (85 loc) · 3.21 KB
/
Copy pathGet-ContainerLogs.ps1
File metadata and controls
102 lines (85 loc) · 3.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
$ErrorActionPreference = "Stop"
$now=get-date -Format("yyyyMMdd-HHmmss")
$outputPath = join-path $env:TEMP "container-logs-$now"
$containerdState = "c:\programdata\containerd\state"
mkdir $outputPath | Out-Null
$ErrorActionPreference = "SilentlyContinue"
Write-Host "- Gathering stack dumps, event logs, computer info and more:"
function gethveventlog($elName) {
$ErrorActionPreference = "SilentlyContinue"
Write-Host -NoNewLine "."
$out=join-path $outputPath "$elName.evtx"
if (Test-Path $out) { Remove-Item $out }
wevtutil.exe epl $elName $out 2>&1 | Out-Null
}
function getnteventlog($elName) {
$ErrorActionPreference = "SilentlyContinue"
Write-Host -NoNewLine "."
$log = Get-WmiObject -Class Win32_NTEventlogFile | Where-Object LogfileName -EQ "$elName" # | Out-Null
$outPath = join-path $outputPath "$elName.evtx"
if ($log -ne $null) {
$log.BackupEventlog($outPath) | Out-Null
}
}
$proc = (get-process containerd)
if ($proc -ne $null) {
docker-signal.exe -pid $proc.Id 2>&1 | Out-Null
$lookingFor = Join-Path $env:TEMP containerd.$($proc.Id).stacks.log
if (Test-Path $lookingFor) {
Copy-Item $lookingFor $outputPath
}
}
# Gather a copy of the containerd state directory
# TODO: A means is needed to get from containerd what the state directory
# is so that we could for example use ctr.exe to extract it. Unfortunately
# ctr version API only has version and revision.
$state = Join-Path $outputPath "state"
mkdir $state | Out-Null
xcopy /C/H/R/S/Y $containerdState $state | Out-Null
$procs = (get-process containerd-shim-runhcs-v1)
if ($procs.Length -gt 0) {
$procs | ForEach-Object {
docker-signal.exe -pid $($_.Id) | Out-Null
$lookingFor = Join-Path $env:TEMP containerd-shim-runhcs-v1.$($_.Id).stacks.log
if (Test-Path $lookingFor) {
Copy-Item $lookingFor $outputPath
}
}
}
$proc = (get-process dockerd)
if ($proc -ne $null) {
docker-signal.exe -pid $proc.Id 2>&1 | Out-Null
$drd=$(docker info -f "{{.DockerRootDir}}")
$lookingFor = get-childitem $drd -Filter goroutine* | sort creationtime | select -expand fullname -last 1
if (Test-Path $lookingFor) {
Copy-Item $lookingFor $outputPath
}
}
# Get the process list
Write-Host -NoNewline "."
tasklist.exe | Out-File $(Join-Path $outputPath tasklist.txt)
# Save system an application event logs
getnteventlog "System"
getnteventlog "Application"
# Save all the Hyper-V event logs
$el = $(wevtutil.exe el)
$el | ForEach-Object {
if ($_.StartsWith("Microsoft-Windows-Hyper")) {
gethveventlog $_
}
}
# Save the drive info (includes drive letter, free and size)
$di = $(Join-Path $outputPath "driveinfo.txt")
Get-WmiObject -Class Win32_logicaldisk -Filter "DriveType = '3'" | Out-File $di
# Save the Operating system Info
$os = $(Join-Path $outputPath "win32_operatingsystem.txt")
Get-WmiObject -Class Win32_OperatingSystem | Out-File $os
# Save the ComputerInfo
$ci = $(Join-Path $outputPath "Get-ComputerInfo.txt")
Get-ComputerInfo | Out-File $ci
$zip = "c:\container-logs-$now.zip"
Write-Host ""
Write-Host "- Compressing"
Compress-Archive $outputPath/* -DestinationPath $zip
Remove-Item $outputPath -Recurse -Force
Write-Host "- Saved to $zip"