
Commit 9dd3e44

authored
Add log collection for gmsa (#2399)
1. The log collector will now collect both gMSA file logs and gMSA Windows events.
1 parent c4fd1ef commit 9dd3e44


1 file changed

+23
-2
lines changed


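--- a/log-collector-script/windows/eks-log-collector.ps1
+++ b/log-collector-script/windows/eks-log-collector.ps1
@@ -52,6 +52,7 @@ Function create_working_dir{
 Write-Host "Creating temporary directory"
 New-Item -type directory -path $info_system -Force >$null
 New-Item -type directory -path $info_system\eks -Force >$null
+New-Item -type directory -path $info_system\gmsa\filelogs -Force >$null
 New-Item -type directory -path $info_system\docker -Force >$null
 New-Item -type directory -path $info_system\containerd -Force >$null
 New-Item -type directory -path $info_system\firewall -Force >$null
@@ -260,7 +261,24 @@ Function get_eks_logs{
 Write-Host "OK" -foregroundcolor "green"
 }
 catch{
-Write-Error "Unable to collect ECS Agent logs"
+Write-Error "Unable to collect EKS logs"
+Break
+}
+}
+
+Function get_gmsa_logs{
+try {
+Write-Host "Collecting gMSA logs"
+if (Test-Path "C:\ProgramData\Amazon\gmsa-plugin\*") {
+copy C:\ProgramData\Amazon\gmsa-plugin\* $info_system\gmsa\filelogs\
+}
+if (Get-WinEvent -ListProvider gMSA -ErrorAction SilentlyContinue) {
+Get-WinEvent -ProviderName gMSA | Export-CSV $info_system/gmsa/eventlogs.csv
+}
+Write-Host "OK" -foregroundcolor "green"
+}
+catch{
+Write-Error "Unable to collect gMSA logs"
 Break
 }
 }
@@ -359,7 +377,9 @@ Function get_windows_events{
 Copy-Item "$env:SystemDrive\Windows\System32\Winevt\Logs\\Microsoft-Windows-Containers*.evtx" -Destination $info_system\events
 Copy-Item "$env:SystemDrive\Windows\System32\Winevt\Logs\\Microsoft-Windows-Host-Network-Service*.evtx" -Destination $info_system\events
 Copy-Item "$env:SystemDrive\Windows\System32\Winevt\Logs\\Microsoft-Windows-Hyper-V-Compute*.evtx" -Destination $info_system\events
-
+if (Test-Path "$env:SystemDrive\Windows\System32\Winevt\Logs\AWS-Windows-Containers.evtx") {
+Copy-Item "$env:SystemDrive\Windows\System32\Winevt\Logs\AWS-Windows-Containers.evtx" -Destination $info_system\events
+}
 Write-Host "OK" -ForegroundColor "green"
 }
 catch {
@@ -409,6 +429,7 @@ Function collect{
 get_docker_logs
 get_containerd_logs
 get_eks_logs
+get_gmsa_logs
 get_network_info
 get_windows_events
 }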
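Review bot: In get_gmsa_logs (second hunk, new lines 275-276) the export `Get-WinEvent -ProviderName gMSA | Export-CSV $info_system/gmsa/eventlogs.csv` carries no -ErrorAction, so when the provider is registered but has logged nothing yet, Get-WinEvent presumably emits a non-terminating "no events found" error that bypasses the catch block, prints to the console, and the function still reports "OK"; mirroring the guard on the line above with `Get-WinEvent -ProviderName gMSA -ErrorAction SilentlyContinue | Export-CSV $info_system\gmsa\eventlogs.csv` keeps the run quiet and also uses the backslash separator the rest of the file uses. Two consistency points in the same function: `copy C:\ProgramData\Amazon\gmsa-plugin\* $info_system\gmsa\filelogs\` uses the copy alias and a hard-coded C: drive, whereas the other hunks spell out Copy-Item with -Destination and derive the drive from an environment variable, e.g. `Copy-Item "$env:ProgramData\Amazon\gmsa-plugin\*" -Destination $info_system\gmsa\filelogs\`. The gMSA plugin file logs and event provider are new sources in the support bundle and may carry domain account details; a short header comment on get_gmsa_logs naming the two sources (plugin logs under ProgramData and the gMSA event provider) and noting that operators should review the archive before sharing would help, since today only the commit message says what is collected.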
