Enabling Hyper-V logging
To monitor Hyper-V logs, add the Windows Server from which the Hyper-V logs are to be collected.
For EventLog Analyzer to collect Hyper-V logs, follow the steps below on the respective Windows device:
- Open your Event Viewer.
- Go to Applications and Services Logs > Microsoft > Windows.
- Right-click each of the following and select 'Enable Log':
  - Hyper-V-Config
  - Hyper-V-High-Availability
  - Hyper-V-Hypervisor
  - Hyper-V-Integration
  - Hyper-V-SynthFC
  - Hyper-V-SynthNic
  - Hyper-V-SynthStor
  - Hyper-V-VID
  - Hyper-V-VMMS
This enables Hyper-V logging, and the logs can then be viewed in Event Viewer.
To perform searches and generate reports out of these logs, carry out the following registry configuration on the respective Windows machine:
- Open the Registry Editor by running 'regedit' in a command-line window.
- Navigate to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
- Right-click 'eventlog' and create new keys with the following names:
  - Microsoft-Windows-Hyper-V-Config
  - Microsoft-Windows-Hyper-V-High-Availability
  - Microsoft-Windows-Hyper-V-Hypervisor
  - Microsoft-Windows-Hyper-V-Integration
  - Microsoft-Windows-Hyper-V-SynthFC
  - Microsoft-Windows-Hyper-V-SynthNic
  - Microsoft-Windows-Hyper-V-SynthStor
  - Microsoft-Windows-Hyper-V-VID
  - Microsoft-Windows-Hyper-V-VMMS
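The registry step above can be scripted when it has to be repeated on several Hyper-V hosts. The following PowerShell is an added example, not part of the original EventLog Analyzer documentation: it creates the nine keys listed above if they are missing and uses Get-WinEvent -ListLog to report which matching Hyper-V channels are currently enabled. It assumes an elevated PowerShell session; the variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: creates the eventlog registry keys named on this page
# and audits whether the matching Hyper-V channels are enabled.

# Component names taken from the lists on this page.
$components = 'Config', 'High-Availability', 'Hypervisor', 'Integration',
              'SynthFC', 'SynthNic', 'SynthStor', 'VID', 'VMMS'

$eventLogRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'

$results = foreach ($component in $components) {
    $name    = "Microsoft-Windows-Hyper-V-$component"
    $keyPath = Join-Path $eventLogRoot $name

    # Create the key only when it is missing, so the script is safe to re-run.
    $created = $false
    if (-not (Test-Path -LiteralPath $keyPath)) {
        New-Item -Path $keyPath -ErrorAction Stop | Out-Null
        $created = $true
    }

    # List every channel whose name starts with this provider name.
    # A host without the Hyper-V role returns nothing here.
    $channels = @(Get-WinEvent -ListLog "$name*" -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        RegistryKey      = $name
        KeyCreatedNow    = $created
        EnabledChannels  = ($channels | Where-Object { $_.IsEnabled }).LogName -join ', '
        DisabledChannels = ($channels | Where-Object { -not $_.IsEnabled }).LogName -join ', '
    }
}

# One block per provider: which key was added, which channels still need 'Enable Log'.
$results | Format-List
```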
Note: EventLog Analyzer supports log collection from any device that has remote logging capability, via the UDP or TCP protocol. In EventLog Analyzer, the default UDP ports are 513 and 514, and the default TCP port is 514.
- TCP based log collection offers reliability.
- UDP based log collection is not reliable, but reduces load on your network when compared to TCP.
Depending on the requirements of your environment, you can choose the appropriate protocol for log collection.