How to collect logs on Windows

2022-03-02 14:39:40

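Tencent Cloud has a script that collects logs over the internal network.

Windows Server 2008 R2: its security is too poor and few people use it, so I have put it at the end of this article.

Windows Server 2012:

Enter these 2 commands in PowerShell: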

Command 1: Powershell Invoke-WebRequest -uri http://mirrors.tencentyun.com/install/platform_ops/qcloud/QCloud_Windows_Status_Check_Script.ps1 -OutFile QCloud_Windows_Status_Check_Script.ps1;

Command 2: ./QCloud_Windows_Status_Check_Script.ps1

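As shown in the screenshot above, if the DNS servers are not the platform default DNS, internal domain name resolution is affected and the script cannot collect the logs.

In that case, run the commands below in a cmd prompt as administrator, and internal domain name resolution will work again (things change over time; the mapping between internal IPs and domain names is subject to the actual situation).

To find out which IP metadata.tencentyun.com corresponds to, visit the following 2 URLs; whichever one is reachable, specify that IP in hosts.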

http://169.254.0.23/latest/meta-data/uuid

http://169.254.10.10/latest/meta-data/uuid

Both IPs, 169.254.0.23 and 169.254.10.10, are reachable from VPC machines, but classic-network (基础网络) machines can only reach 169.254.10.10.

echo 169.254.0.3 mirrors.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

echo 169.254.0.15 update2.agent.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

echo 169.254.0.4 receiver.barad.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

echo 169.254.0.5 custom.message.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

echo 169.254.0.23 metadata.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

echo 169.254.0.19 kms.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

echo 169.254.0.54 kms1.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

echo 169.254.0.26 windowsupdate.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

echo 169.254.0.2 ntpupdate.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

echo 169.254.0.79 time1.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

echo 169.254.0.80 time2.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

echo 169.254.0.81 time3.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

echo 169.254.0.82 time4.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

echo 169.254.0.83 time5.tencentyun.com >> c:\windows\system32\drivers\etc\hosts

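s.yd.zijiebao.com, l.yd.zijiebao.com and u.yd.zijiebao.com: the IPs behind these 3 internal domain names of Yunjing (云镜) change often and follow no pattern I can make out, so go by what you actually measure. I suggest buying a pay-as-you-go machine in the same subnet, setting its DNS back to the two VPC default DNS servers that start with 183 (183.60.83.19, 183.60.82.98), and then pinging the Yunjing domain names to get the IPs. Once you have the IPs, destroy the pay-as-you-go machine you just bought.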
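A repeatable version of the hosts-file step above, as an added example that is not part of the original article or of Tencent's script: it probes the two metadata IPs, keeps a backup of hosts, and appends only the mappings that are missing, so running it twice does not duplicate lines the way repeated `echo >>` does. It assumes an elevated Windows PowerShell 3.0+ session; the variable names are illustrative, and the Yunjing domains are left out because their IPs vary.

```powershell
# Added example (assumption: elevated Windows PowerShell 3.0 or later).
$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"

# Probe the two metadata endpoints from the article; keep the first that answers.
$metadataIp = $null
foreach ($ip in '169.254.0.23', '169.254.10.10') {
    try {
        Invoke-WebRequest -Uri "http://$ip/latest/meta-data/uuid" -UseBasicParsing -TimeoutSec 5 | Out-Null
        $metadataIp = $ip; break
    } catch {
        Write-Verbose "$ip not reachable: $($_.Exception.Message)"
    }
}
if (-not $metadataIp) { throw 'Neither metadata IP is reachable; hosts left unchanged.' }

# Mappings copied from the article; confirm them for your environment before use.
$entries = [ordered]@{
    'mirrors.tencentyun.com'        = '169.254.0.3'
    'update2.agent.tencentyun.com'  = '169.254.0.15'
    'receiver.barad.tencentyun.com' = '169.254.0.4'
    'custom.message.tencentyun.com' = '169.254.0.5'
    'metadata.tencentyun.com'       = $metadataIp
    'kms.tencentyun.com'            = '169.254.0.19'
    'kms1.tencentyun.com'           = '169.254.0.54'
    'windowsupdate.tencentyun.com'  = '169.254.0.26'
    'ntpupdate.tencentyun.com'      = '169.254.0.2'
    'time1.tencentyun.com'          = '169.254.0.79'
    'time2.tencentyun.com'          = '169.254.0.80'
    'time3.tencentyun.com'          = '169.254.0.81'
    'time4.tencentyun.com'          = '169.254.0.82'
    'time5.tencentyun.com'          = '169.254.0.83'
}

Copy-Item $hostsPath "$hostsPath.bak" -Force   # rollback copy
# If hosts does not end with a newline, add one so the first entry starts on its own line.
if ((Get-Content $hostsPath -Raw) -notmatch '\r?\n$') { Add-Content $hostsPath '' -Encoding ASCII }
$current = Get-Content $hostsPath
foreach ($name in $entries.Keys) {
    # An active (non-comment) line that already maps this exact host name.
    $pattern = '^\s*[^#\s]+\s+([^#\s]+\s+)*' + [regex]::Escape($name) + '(\s|#|$)'
    if ($current -match $pattern) { Write-Host "skip $name (already mapped)"; continue }
    Add-Content -Path $hostsPath -Value ("{0} {1}" -f $entries[$name], $name) -Encoding ASCII
    Write-Host "added $($entries[$name]) $name"
}
```

Static hosts entries override DNS for these names until they are removed, so restore `hosts.bak` once the default DNS is back in place.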

If that still does not work, see below.

C:\Windows\System32\winevt\Logs

C:\Program Files\QCloud\Logs

C:\Program Files\Cloudbase Solutions\Cloudbase-Init\log

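Copy these 3 directories into a newly created folder, then compress that folder and provide the archive.

This works across 2008-2022 and Vista-Win11.

On Windows Server 2008 R2, collect the logs as follows:

Enter in PowerShell: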

Command 1: $client = new-object System.Net.WebClient

Command 2: $client.DownloadFile('http://mirrors.tencentyun.com/install/platform_ops/qcloud/QCloud_Windows_Status_Check_Script.ps1','QCloud_Windows_Status_Check_Script.ps1')

Command 3: ./QCloud_Windows_Status_Check_Script.ps1
