Friday, July 7, 2017

Real time logging your Microsoft RDS environment using PowerShell

All Remote Desktop Services events logs in a single pane? Every RDS event from machine A and B that has written an event in last 10 minutes? Listen to events from RDS event logs in real time from all RDS related servers in your deployment?

Jason Gilbertson, a Technical Advisor at Microsoft who works closely with the RDS Product team wrote a single PowerShell that does all of the above, and much more!!

Some of the features:

- Export logs locally or remotely to .csv format on local machine grouped by machine name

- Convert *.evt* files to .csv

- View and manage 'debug and analytic' event logs

- Listen to event logs real-time from local or remote machines displaying color coded messages in console

Although the script is very multifunctional, it has specific parameters for RDS to allow you to collect RDS related event log from all servers that are running RDS roles. So, for example, you can combine all event logs from your RD Connection Broker-, RD Web Access-, RD Gateway- and RD Session Host Servers in single view.

The script also exports to CSV which allows you to feed the exports into Excel Graphs or PowerBI environments for further analysis.

A couple of examples;

Query rds event logs for last 10 minutes on a remote RD Connection Broker Server
PS C:\>.\event-log-manager.ps1 -rds -minutes 10 -Machines rdcb-01

clip_image002

Below is what the command outputs to CSV:

clip_image004

Example command to enable ‘debug and analytic’ event logs for 'rds' event logs and 'dns' event logs:
PS C:\>.\event-log-manager.ps1 –enableDebugLogs -eventLogNamePattern dns -rds -machines rdcb-01

clip_image006

Below is what the command outputs to CSV:

clip_image008

Example command to listen to multiple RD Gateway Servers for all eventlogs related to Remote Desktop Services to get live results
PS C:\> .\event-log-manager.ps1 -listen -rds -machines RDGW-01, RDGW-01

Below is a sample output

clip_image010

These were only a few RDS related examples, but the script Jason created has awesome capabilities! It’s available on TechNet Gallery here: https://gallery.technet.microsoft.com/Windows-Event-Log-ad958986

3 comments: