# Staging setup for the diagnostics bundle.
# "Stop" is in force while the staging directory is created, so a failure
# there (including a directory that already exists under that name) ends the
# script before anything is collected.
$ErrorActionPreference = "Stop"
$now = Get-Date -Format "yyyyMMdd-HHmmss"
$outputPath = Join-Path -Path $env:TEMP -ChildPath "container-logs-$now"
$containerdState = "c:\programdata\containerd\state"
New-Item -ItemType Directory -Path $outputPath | Out-Null

# Everything after this point is best-effort: errors from individual
# collectors are suppressed, so a missing item leaves no trace in the output.
$ErrorActionPreference = "SilentlyContinue"
Write-Host "- Gathering stack dumps, event logs, computer info and more:"
# Exports one event log channel to "<channel>.evtx" in the staging directory.
#   $elName - channel name to export (the caller passes names taken from
#             "wevtutil.exe el").
# Reads the script-level $outputPath. All output and errors from wevtutil are
# discarded, so a failed export is silent.
# NOTE(review): if a channel name contains "/", the target path names a
# subdirectory that this function does not create - confirm such channels
# actually end up in the bundle.
function gethveventlog($elName) {
    $ErrorActionPreference = "SilentlyContinue"
    Write-Host -NoNewLine "."
    $evtxPath = Join-Path $outputPath "$elName.evtx"
    # Clear any earlier export of the same channel before writing a new one.
    if (Test-Path $evtxPath) {
        Remove-Item $evtxPath
    }
    wevtutil.exe epl $elName $evtxPath 2>&1 | Out-Null
}
# Backs up a classic NT event log (for example "System") to "<name>.evtx" in
# the staging directory, using the Win32_NTEventlogFile WMI class.
#   $elName - LogfileName of the event log to back up.
# Reads the script-level $outputPath. Does nothing when no log with that
# name is found.
function getnteventlog($elName) {
    $ErrorActionPreference = "SilentlyContinue"
    Write-Host -NoNewLine "."
    $backupTarget = Join-Path $outputPath "$elName.evtx"
    $eventLog = Get-WmiObject -Class Win32_NTEventlogFile |
        Where-Object { $_.LogfileName -eq "$elName" }
    if ($eventLog -ne $null) {
        $eventLog.BackupEventlog($backupTarget) | Out-Null
    }
}
# containerd stack dump: signal the running process with docker-signal.exe,
# then pick up "containerd.<pid>.stacks.log" from this user's TEMP directory
# if it is there.
$proc = Get-Process containerd
if ($proc -ne $null) {
    docker-signal.exe -pid $proc.Id 2>&1 | Out-Null
    $lookingFor = Join-Path $env:TEMP "containerd.$($proc.Id).stacks.log"
    if (Test-Path $lookingFor) {
        Copy-Item $lookingFor $outputPath
    }
}
# Gather a copy of the containerd state directory.
# TODO: A means is needed to get from containerd what the state directory
# is, so that we could for example use ctr.exe to extract it. Unfortunately
# the ctr version API only has version and revision.
# NOTE(review): the whole state tree, hidden files included (/H), is copied
# into the bundle as-is. Whether it holds sensitive per-container data is not
# visible from this script - review the contents before sharing the archive.
$state = Join-Path $outputPath "state"
New-Item -ItemType Directory -Path $state | Out-Null
xcopy /C/H/R/S/Y $containerdState $state | Out-Null
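# Shim stack dumps: signal every running containerd-shim-runhcs-v1 process
# and collect "containerd-shim-runhcs-v1.<pid>.stacks.log" from this user's
# TEMP directory for each one that produced a dump there.
$procs = Get-Process containerd-shim-runhcs-v1
if ($procs.Length -gt 0) {
    foreach ($shim in $procs) {
        # stderr is folded into the discarded output, matching the other
        # docker-signal.exe calls in this script, so a failed signal does
        # not print into the progress line.
        docker-signal.exe -pid $($shim.Id) 2>&1 | Out-Null
        $lookingFor = Join-Path $env:TEMP "containerd-shim-runhcs-v1.$($shim.Id).stacks.log"
        if (Test-Path $lookingFor) {
            Copy-Item $lookingFor $outputPath
        }
    }
}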
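# dockerd stack dump: signal the daemon, ask it for its root directory and
# copy the most recently created "goroutine*" file from there.
$proc = Get-Process dockerd
if ($proc -ne $null) {
    docker-signal.exe -pid $proc.Id 2>&1 | Out-Null
    $drd = $(docker info -f "{{.DockerRootDir}}")
    # Search only when docker reported a directory that exists. If
    # "docker info" fails, $drd is empty; passing that to Get-ChildItem
    # either errors silently or, on some PowerShell versions, may search the
    # current directory and pick up an unrelated goroutine* file.
    if ($drd -and (Test-Path $drd -PathType Container)) {
        $lookingFor = Get-ChildItem $drd -Filter goroutine* |
            Sort-Object CreationTime |
            Select-Object -ExpandProperty FullName -Last 1
        # No matching file leaves $lookingFor empty; skip the copy then
        # instead of relying on Test-Path failing quietly on a null path.
        if ($lookingFor -and (Test-Path $lookingFor)) {
            Copy-Item $lookingFor $outputPath
        }
    }
}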
# Get the process list
Write-Host -NoNewline "."
$tasklistFile = Join-Path $outputPath "tasklist.txt"
tasklist.exe | Out-File $tasklistFile

# Save the System and Application event logs
getnteventlog "System"
getnteventlog "Application"

# Save all the Hyper-V event logs: every channel whose name starts with
# "Microsoft-Windows-Hyper" (case-sensitive match) is exported.
$el = $(wevtutil.exe el)
$el |
    Where-Object { $_.StartsWith("Microsoft-Windows-Hyper") } |
    ForEach-Object { gethveventlog $_ }
# Host inventory, each written as plain text into the staging directory.

# Drive info (includes drive letter, free space and size); the filter keeps
# only logical disks with DriveType 3.
$di = Join-Path $outputPath "driveinfo.txt"
Get-WmiObject -Class Win32_logicaldisk -Filter "DriveType = '3'" |
    Out-File $di

# Operating system info
$os = Join-Path $outputPath "win32_operatingsystem.txt"
Get-WmiObject -Class Win32_OperatingSystem |
    Out-File $os

# ComputerInfo
$ci = Join-Path $outputPath "Get-ComputerInfo.txt"
Get-ComputerInfo |
    Out-File $ci
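# Pack the staging directory into a zip at the root of C: and clean up.
# NOTE(review): the archive contains event logs, the containerd state copy
# and host inventory. It is written outside the per-user TEMP directory, so
# its access rights come from the root of the drive - confirm who can read
# it, and move or delete it once it has been handed over.
$zip = "c:\container-logs-$now.zip"
Write-Host ""
Write-Host "- Compressing"
Compress-Archive -Path "$outputPath/*" -DestinationPath $zip

# Errors are suppressed at this point, so a failed compression (for example
# no write access to the drive root) would otherwise go unnoticed. Delete
# the staging directory only when the archive exists; if not, keep the
# collected files and say where they are.
if (Test-Path -LiteralPath $zip) {
    Remove-Item $outputPath -Recurse -Force
    Write-Host "- Saved to $zip"
}
else {
    Write-Host "- Could not create $zip; collected files are still in $outputPath"
}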