
Quorten Blog 1

First blog for all Quorten's blog-like writings

On CentOS, sosreport provides a wealth of system information for diagnosing and debugging system issues, all available by running only a single command. How do you get similar information on Windows? Well, unfortunately as it turns out, there is no one single true way to get the information on Windows. Why not? Although there were several historic attempts at Microsoft to create such tools, if you look closely into the details, you will see that none of them really caught on and continued to be maintained. A developer started working on one tool, it was used for a little while, but then it got abandoned, and a new developer wrote a new similar-but-different tool. So, given this pattern of failure, let’s walk through the tools in chronological order.

First, there are Windows Event Logs, of the Windows NT Server era. This is the tried-and-true, still supported method of gathering information on Windows systems non-interactively, but, of course, it will take more than one command to do so. If it could be done with only one command, then it would fit the bill perfectly.

Try creating a PowerShell script like this:

# Enumerate every classic event log on the machine, then dump each one
$log_list = Get-EventLog -List
foreach ($log_item in $log_list) {
  Get-EventLog -LogName $log_item.Log
}

One trick that is particularly useful for saving the event logs is to export them as CSV. To do so while limiting the export to entries newer than a given cutoff, use a PowerShell code snippet similar to the following:

$now = Get-Date
$startDate = $now.AddDays(-7)
# Export-Csv emits no objects, so the pipeline result is not assigned to a variable
Get-EventLog -ComputerName ... `
  -LogName System -After $startDate | Export-Csv mylog.csv

20190814/DuckDuckGo windows save event logs powershell
20190814/https://eventlogxp.com/blog/exporting-event-logs-with-windows-powershell/
20190814/https://social.technet.microsoft.com/Forums/scriptingcenter/en-US/de9fda2b-8083-4024-a1be-25ce71e68802/exporting-event-logs-with-powershell

In addition to saving the event logs, you probably also want to save the list of running services.
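The event-log export and the running-services list can be combined into one script that produces a single archive. This is an added example, not code from the original post; it assumes Windows PowerShell 5.1 (where `Get-EventLog` and `Compress-Archive` are available), and the parameter names `$Days` and `$OutRoot` are hypothetical.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 5.1.
# $Days and $OutRoot are hypothetical parameter names chosen for this sketch.
param(
    [int]$Days = 7,
    [string]$OutRoot = (Join-Path $env:TEMP 'wininfo')
)

$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir   = Join-Path $OutRoot "$env:COMPUTERNAME-$stamp"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$after    = (Get-Date).AddDays(-$Days)
$manifest = @()

foreach ($log in Get-EventLog -List) {
    # Log names such as "Windows PowerShell" contain spaces; sanitize for file names.
    $file = Join-Path $outDir (($log.Log -replace '[^\w.-]', '_') + '.csv')
    try {
        $entries = @(Get-EventLog -LogName $log.Log -After $after -ErrorAction Stop)
        $entries | Export-Csv -Path $file -NoTypeInformation -Encoding UTF8
        $status = "ok ($($entries.Count) entries)"
    } catch {
        # Typical causes: no entries inside the time window, or access denied
        # on the Security log when the shell is not elevated. Record and continue.
        $status = "skipped: $($_.Exception.Message)"
    }
    $manifest += [pscustomobject]@{ Log = $log.Log; Status = $status }
}

# Running services, as suggested in the text above.
Get-Service | Where-Object Status -eq 'Running' |
    Select-Object Name, DisplayName, StartType |
    Export-Csv -Path (Join-Path $outDir 'services-running.csv') -NoTypeInformation -Encoding UTF8

# The manifest shows which logs were collected and which were skipped, so a
# missing Security log is visible to whoever reads the archive later.
$manifest | Export-Csv -Path (Join-Path $outDir 'manifest.csv') -NoTypeInformation -Encoding UTF8

# The archive contains Security log content where it was readable;
# store and transfer it with the same care as the logs themselves.
$zip = "$outDir.zip"
Compress-Archive -Path (Join-Path $outDir '*') -DestinationPath $zip
Write-Output $zip
```

Run it from an elevated prompt if the Security log should be included; without elevation that log shows up as skipped in `manifest.csv`.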

Next, there is msdt.exe, of the Windows XP era, also known as Windows Diagnostics. The nice thing about msdt is that it does provide for some means of command-line automation. Unfortunately, when you get into the low-down of how it works, you can pretty quickly see that there are quite a number of things unpolished about it and it is still clearly designed mainly for interaction with a human user. Also, if you want to gather all information, then you will need to run multiple msdt.exe commands, which doesn’t satisfy the original goal.

For example, to generate an “answers file” for the Windows Update troubleshooting pack, run this PowerShell:

Get-TroubleshootingPack -Path C:\Windows\Diagnostics\System\WindowsUpdate -AnswerFile .\WUIAnswers.xml

Now run an answers file as follows:

msdt.exe /id PowerDiagnostic /af <answers-file.xml>

You can find a list of troubleshooting pack names here.

MSDT “man page”:

20190814/https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee424379(v=ws.11)

Please note that, unfortunately, generating answers for some troubleshooting packs involves a number of questions that only make sense if an interactive user is walking through them manually. No matter how you answer some earlier questions, you will be asked some consistent “dummy” questions that are only relevant if you answered the initial questions differently.

Worst of all, when you try to run msdt.exe on some newer versions of Windows, you will get this error: Diagnostic troubleshooter is not enabled on this version of Windows.

There is also System Restore, of the Windows XP era. But this is more of a clandestine way to collect the information, one that wasn’t designed specifically for that purpose but can be used for it nonetheless.

https://www.windowscentral.com/how-backup-entire-registry-windows-10
DuckDuckGo windows copy system restore
https://smallbusiness.chron.com/copy-system-restore-points-45595.html

Next, there is perfmon of the Windows 7 era, also known as System Diagnostics Report. Run this command in an Administrator Console to bring up a GUI that will gather and display system information. Via the GUI, you can export the data to an HTML file.

perfmon /report

perfmon “man page”:

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/perfmon

As you can see here, perfmon lacks command line options for non-interactive use. You would need to start the GUI tool and “Save As” the result in order to get the report. Thus, if you want to use it within scripts, you will have to write GUI automation to control the GUI to complete the process of exporting the logs.

That’s all, folks. Here are some more miscellaneous searches and information references that came about from my research. Essentially, I’ve extracted the more human-friendly information from my frantic and chaotic search efforts.

20190809/DuckDuckGo windows archive system configuration and events
20190809/DuckDuckGo windows archive system information
20190809/DuckDuckGo windows snapshot like sosreport
20190809/DuckDuckGo windows collect bug report system information
20190809/https://www.techrepublic.com/article/how-to-use-the-windows-10-system-diagnostics-report-to-gather-troubleshooting-info-on-the-fly/

20190814/DuckDuckGo perfmon report save
20190814/https://www.thewindowsclub.com/generate-system-health-report-windows-7-8-perfmon

20190814/DuckDuckGo windows diagnostics report save from command line
20190814/https://www.thewindowsclub.com/how-to-run-a-troubleshooting-from-the-command-line-in-windows-10

20190814/DuckDuckGo msdt answer file
20190814/https://superuser.com/questions/871822/creating-an-answer-file-for-windowsupdatediagnostic-diagcab-in-eclipse-wtp?#1094306