Tips for collecting YSoft SafeQ 6 log files
The script can also be used for collecting logs from YSoft SafeQ 5.
YSoft SafeQ log files are needed in various cases, so this article provides a PowerShell script that helps you collect them effectively. Copy the script body and save it as a file with the .ps1 extension.
When editing the script, it is good to use the "PowerShell ISE" tool.
Follow the instructions in the .DESCRIPTION section of the script when using it.
Script body
YSoft SafeQ - Collect Logs
<#
.SYNOPSIS
    The script helps collect log files, configuration files and Windows Event Logs of YSoft SafeQ.

.DESCRIPTION
    The script identifies the YSoft SafeQ installation and collects all possible log files and configuration.
    The script collects information from Windows Event Viewer.
    The script collects information from Windows System Information.
    The script collects data for a defined period of time (see the $LogAge parameter). E.g. if the issue happened 3 hours ago, you would collect data from the last 4-5 hours to ensure that all data for analysis are available.
    The script collects only data from the server where the command was triggered, for the past X hours (see the $LogAge parameter). In case other servers may be involved (Management Server, CBPR Client, Authentication against SPOC group, etc.), data from all affected servers have to be provided.
        - for instance, an authentication issue occurs on an MFD managed by a SPOC group hidden behind a virtual IP address of a load balancer; log files from all servers in the SPOC group as well as from the Management servers have to be provided.
        - log files must cover the date and time of the occurrence.

    PowerShell 3.0 or higher is required; the current version can be listed by the command: $PSVersionTable.PSVersion.Major
    The script must be launched using PowerShell as an Administrator.
    Additional data such as "Support information" (YSoft SafeQ management interface > Dashboard > Click "Support information" > Click "Download support information"), screenshots and other relevant information must be collected manually and provided along with the log files.

.PARAMETER LogAge
    Defines for how many hours back from now the log files will be collected (default configuration is the past 24 hours).

.PARAMETER RootCollectionPath
    Defines the folder on the server where you would like to store the data (by default a new folder will be created on the desktop).

.PARAMETER GetLog
    Determines if logs are collected ($true / $false).

.PARAMETER GetConf
    Determines if the configuration files are collected ($true / $false).

.PARAMETER GetCert
    Determines if certificates and private keys are collected ($true / $false).

.PARAMETER GetMisc
    Determines if Windows Event Logs, System Information, list of Windows services, list of Memory Dumps are collected ($true / $false).

.NOTES
    Version: 1.36
    Last Modified: 20/05/2022

.EXAMPLE
    Define required values in the $LogAge and $RootCollectionPath parameters.
    Run Windows PowerShell as an administrator and launch the command as follows:
    C:\Users\Administrator\Downloads> .\SQ_Collect_Logs.ps1
#>

#-----------------------------------------------------------[Parameters]-----------------------------------------------------------

# Set the log age to gather in hours (Default: $LogAge = 24)
$LogAge = 24

# Log collection folder (Default: $RootCollectionPath = "$($env:USERPROFILE)\Desktop")
# Example : $RootCollectionPath = "C:\Temp"
$RootCollectionPath = "$($env:USERPROFILE)\Desktop"

# Get logs ($true / $false)
$GetLog = $true

# Get configuration files ($true / $false)
$GetConf = $true

# Get certificates and private keys ($true / $false)
$GetCert = $false

# Get Windows Event Logs, System Information, Memory Dumps ($true / $false)
$GetMisc = $true

#-----------------------------------------------------------[Execution]------------------------------------------------------------

# Input value check
If (($GetConf -eq $false) -and ($GetLog -eq $false) -and ($GetMisc -eq $false) -and ($GetCert -eq $false)) {
    Write-Warning 'Nothing to collect. Please review the configuration and re-run the script.'
    'Press any key to exit the script.' | Out-Host
    Read-Host
    exit
}

# Admin rights check
If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(([System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'))) {
    Write-Warning 'Administrative rights are missing. Please re-run the script as an Administrator.'
    'Press any key to exit the script.' | Out-Host
    Read-Host
    exit
}

# Create function for data copying
function copydata($FileToCopy) {
    ForEach ($tmp in $FileToCopy) {
        $DirectoryName = $tmp.DirectoryName -replace ("\w:\\", "")
        $Destination = "$DataDest\$DirectoryName"
        If (!(Test-Path $Destination)) {
            New-Item -Path $Destination -ItemType Directory | Out-Null
        }
        Copy-Item $tmp.FullName -Destination $Destination
    }
}

# Create functions for data extraction
function Expand-ZIP($file, $destination) {
    Add-Type -AssemblyName System.IO.Compression.FileSystem
    [System.IO.Compression.ZipFile]::ExtractToDirectory($file, $destination)
}

# Create functions for data archivation
# Using .NET function is better than native Compress-Archive (PS5), native Compress-Archive may consume all the OS memory
function Compress-ZIP($directory, $destination) {
    Try {
        # Both steps run inside Try so that any failure reaches the Catch block
        # and the script exits before the collected files in $DataDest are removed
        Add-Type -AssemblyName System.IO.Compression.FileSystem -ErrorAction Stop
        [System.IO.Compression.ZipFile]::CreateFromDirectory($directory, $destination, "optimal", $true)
    } Catch {
        "File compression failed, kindly pack the files manually and provide them to CSS." | Out-Host
        "Files are available at: $DataDest" | Out-Host
        "" | Out-Host
        'Press any key to exit the script.' | Out-Host
        Read-Host
        exit
    }
}

# Prepare the log collection folder
$IPaddress = (Get-WmiObject -Class Win32_NetworkAdapterConfiguration | Where-Object {$_.DefaultIPGateway -ne $null}).IPAddress | Select-Object -First 1
$FolderName = "$($env:COMPUTERNAME)_$($IPaddress)"
$DataDest = "$($RootCollectionPath)\$($FolderName)"

'Locating the installation directories'

# Identify all YSoft SafeQ services based on the service name or description
$ServiceList = @()
$ServiceList += Get-ChildItem -Path HKLM:\SYSTEM\CurrentControlSet\Services | Get-ItemProperty | `
    ? {($_.PSChildName -match 'YSoft.*|YSQ.*' -or $_.DisplayName -match 'YSoft.*|YSQ.*')} | `
    ? {$_.PSPath -notmatch 'YSoftEtcd|YSoftSQ-LDAP|YSoftSafeQLDAPReplicator|YSoftSafeQCMLDBS|YSoftWeb|YSoftPGSQL|YSoftIms'}

# Find the root directory for each service
ForEach ($Service in $ServiceList) {
    $tmp = ($Service.ImagePath -replace '(?<=\.exe).+', '').Trim('`"')
    $tmp = $tmp.Substring(0, $tmp.LastIndexOf('\')) -Replace ('\\?bin\\?', '') -Replace ('\\?tomcat\\?', '') -Replace ('\\Service\\?', '') -Replace ('PGSQL', 'PGSQL-data') -replace ('\\procrun', '')
    $Service | Add-Member -MemberType NoteProperty -Name Path -Value $tmp
}

# Add location for customizations
# Look for customizations in the root dir of detected service (e.g. for C:\SafeQ6\Management check dirs in C:\SafeQ6; too generic paths like C:\ or C:\ProgramData are skipped)
# The customizations that were already detected based on the service name are not added again
$findcustom = $ServiceList | ? {$_.PSChildName -in "YSoftSQ-Management", 'YSoftSQ-SPOC', 'YSoftSQ-WPS'}
if ($findcustom) {
    $pathtoignore = ($Env:ALLUSERSPROFILE, $Env:ProgramData, $Env:ProgramFiles, $Env:ProgramW6432, $Env:windir)
    $findcustom = $findcustom.Path -replace '\\\w+$', ''
    $findcustom = $findcustom | ? { $_ -notin $pathtoignore -and $_ -notmatch '^\w:(|\\)$' }
    if ($findcustom) {
        Get-ChildItem -Path $findcustom -Directory | ? { $_.FullName -notin $ServiceList.Path } | ForEach { $ServiceList += New-Object -TypeName PSObject -Property @{Path = $_.FullName} }
    }
}

# Temporary workaround for YSoftSQ-SPOOLER v3 client deployed by old MSI package (key path in registry is just <drive>:, packages from QuickPrint no longer affected)
# this detects the problematic client and updates its ImagePath inside of source variable $ServiceList
$v3clientmsi = $ServiceList | ? {$_.DisplayName -eq "YSoft SafeQ Spooler"}
if ($v3clientmsi -and $v3clientmsi.Path -match "\w:$") {
    $v3clientmsi.Path = $v3clientmsi.ImagePath -replace '\\\d+\.\d+\.\d+\.\d+\\..\\latest\\YSoft\.Spooler\.Host\.exe"\s--run-as-service', '\latest' -replace '"', ''
}

# Exclude services where path does not exist on the filesystem
$FinServiceList = @()
ForEach ($Service in $ServiceList) {
    If (Test-Path $Service.Path) {
        $FinServiceList += $Service
    }
}

# General list of directories to exclude from all searches to speed up processing
$DirExclude = '\\.*backup.*|\\PGSQL\\|PGSQL-data\\(base|pg_wal)|\\spoolcache|\\cache|\\missioncontrol|java\\(demo|sample|lib|legal)\\|web-inf\\(views|classes|libs)|\\assets\\|\\catalina\\localhost|FSP\\universal-pcl-driver|Client\\resources\\app|\\AccountedJobs|\\ims\\\.vertx'

if ($GetConf -eq $true) {
    'Copying the configuration files' | Out-Host

    # Obtaining all the configuration files
    $FileExtension = '.conf', '.config', '.properties', '.xml', '.json', '.drl', '.ini'
    $FileExclude = '\.dll\.config'
    $DirExcludeConf = $DirExclude + '|\\terminalserver|MobilePrint\\Service'
    $ConfToCopy = @()

    ForEach ($Service in $FinServiceList) {
        if ($Service.PSChildName -match 'YSoftSQ-UP-CONNECTOR') {
            $target = $([Environment]::SystemDirectory) + '\config\systemprofile\.universal-print'
            if ([Environment]::Is64BitProcess) {
                $ConfToCopy += Get-ChildItem -Path $target -File -Recurse -Include 'desiredState.json'
            } else {
                Write-Warning "$($target+'\desiredState.json') cannot be collected."
                'Either collect it manually and attach it to the output or re-launch the script in x64 version of PowerShell.' | Out-Host
                'Press any key to continue.' | Out-Host
                Read-Host
            }
            Remove-Variable target
        }

        if ($Service.PSChildName -match 'YSoftSQ-TS*') {
            $ConfToCopy += Get-ChildItem -Path $Service.Path -File -Recurse -Include 'TerminalServer.exe.config'
        } elseif ($Service.PSChildName -match 'YSoftSQ-MPS|YSoftMobilePrintServer') {
            $ConfToCopy += Get-ChildItem -Path $Service.Path -File -Recurse -Include '*.config'
        } else {
            $LookupDir = @()
            $LookupDir += Get-ChildItem -Path $Service.Path -Directory -Recurse | ? { $_.FullName -notmatch $DirExcludeConf }
            $LookupDir += Get-Item $Service.Path
            $ConfToCopy += $LookupDir | Get-ChildItem -File | ? {$_.Extension -in $FileExtension -and $_.FullName -notmatch $FileExclude}
        }
    }

    $ConfToCopy = $ConfToCopy | Sort FullName -Unique
    copydata $ConfToCopy
}

if ($GetCert -eq $true) {
    'Copying the certificates and private keys' | Out-Host

    # Obtaining all the certificate and private key files based on the predefined list
    $CertList = '\.(cer$|crt$|key$|pfx$|jks$|p12$|pem$)|\\.*keystore|\\.*truststore'
    $CertToCopy = @()

    ForEach ($Service in $FinServiceList) {
        $LookupDir = @()
        $LookupDir += Get-ChildItem -Path $Service.Path -Directory -Recurse | ? { $_.FullName -notmatch $DirExclude }
        $LookupDir += Get-Item $Service.Path
        $CertToCopy += $LookupDir | Get-ChildItem -File | ? { $_.FullName -match $CertList }
    }

    $CertToCopy = $CertToCopy | Sort FullName -Unique
    copydata $CertToCopy
}

if ($GetLog -eq $true) {
    'Copying the log files' | Out-Host

    # Obtaining all the files modified in the defined period plus the two last files of each filename pattern
    $LogToCopy = @()

    ForEach ($Service in $FinServiceList) {
        $LogList = @()
        $LookupDir = @()
        $LookupDir += Get-ChildItem -Path $Service.Path -Directory -Recurse | ? { $_.FullName -notmatch $DirExclude }
        $LookupDir += Get-Item $Service.Path
        $LogList += $LookupDir | Get-ChildItem -File | ? { (($_.Length -gt 0) -and ($_.extension -eq ".log")) -or ($_.DirectoryName -match "\\(pg_log|log|logs)$") }

        # Additional location for global install log
        $LogList += (Get-Item $Service.Path).parent.FullName | Get-ChildItem -File | ? {$_.extension -eq ".log"}

        # Additional location for YSoftSQ-SPOOLER install.log and YSoft SAFEQ Client v3 log
        if ($Service.PSChildName -eq 'YSoftSQ-SPOOLER') {
            $LogList += Get-ChildItem -Path $(($env:USERPROFILE -replace "[^\\]*(?:)?$") + '*\AppData\Roaming\YSoft SafeQ Client\logs') -Recurse
            if ($Service.Path -match 'versions\\latest') {
                $LogList += Get-ChildItem -Path $($Service.Path -replace 'versions\\latest', 'logs') -File -ErrorAction Ignore
            } else {
                # this is for very old v3 client
                $LogList += Get-ChildItem -Path $($Service.Path + '\logs') -File -ErrorAction Ignore
            }
        }

        # Additional location for YSoft SAFEQ client (non-v3, Desktop Interface)
        if ($Service.PSChildName -eq 'YSoftSQ-FSP') {
            $LogList += Get-ChildItem -Path $(($env:USERPROFILE -replace "[^\\]*(?:)?$") + '*\.safeq6\logs\') -Recurse
        }

        # Code to pick the last two logs for each name pattern
        $Patterns = @()
        ForEach ($Log in $LogList) {
            If ($Log.BaseName -match "postgresql") {
                $Patterns += ($Log.BaseName -Split ('\-'))[0]
            } Elseif ($Log.BaseName -match "jobservice") {
                $Patterns += 'jobservice' # workaround SBT-3255
            } Elseif ($Log.BaseName -match "\.") {
                $Patterns += ($Log.BaseName -Split ('\.'))[0]
            } Else {
                $Patterns += $Log.BaseName
            }
        }
        $Patterns = $Patterns | Select-Object -Unique

        $LastLogs = @()
        ForEach ($Pattern in $Patterns) {
            $LastLogs += $LogList | ? {$_.BaseName -match "$Pattern"} | Sort-Object LastWriteTime -Descending | Select-Object -First 2
        }

        $LogToCopy += $LogList | ? {$_.LastWriteTime -gt (Get-Date).AddHours(-$LogAge) -or $_ -in $LastLogs}
    }

    $LogToCopy = $LogToCopy | Sort FullName -Unique
    copydata $LogToCopy

    'Extracting archived logs' | Out-Host
    # Match only names ending in ".zip" (the dot is escaped and the pattern anchored)
    $ZipFiles = Get-ChildItem -Path $DataDest -Recurse | Where-Object {$_.Name -match '\.zip$'}
    If ($ZipFiles) {
        $progresstrack = 0
        $command = [scriptblock]::Create('Expand-ZIP -File $($ZipFile.FullName) -Destination $($ZipFile.Directory.FullName)')
        ForEach ($ZipFile in $ZipFiles) {
            Try {
                Write-Progress -Activity "Extracting archived logs" -CurrentOperation "" -PercentComplete ($progresstrack/$zipfiles.Count*100)
                $progresstrack = $progresstrack + 1
                & $command
                Remove-Item -Path $ZipFile.FullName
            } Catch {<#"File extraction failed, keeping an archive: $ZipFile"#>}
        }
        Write-Progress -Activity "Extracting archived logs" -Status "Ready" -Complete
    }
}

if ($GetMisc -eq $true) {
    If (!(Test-Path $DataDest)) {
        New-Item -Path $DataDest -ItemType Directory | Out-Null
    }

    'Getting the Windows Event Logs' | Out-Host
    Get-EventLog Application -After (Get-Date).AddHours(-$LogAge) | Format-Table -Property TimeWritten, Source, EventID, EntryType, Message -wrap -auto | Out-File $DataDest\EventLog_Application.txt -Width 250
    Get-EventLog System -After (Get-Date).AddHours(-$LogAge) | Format-Table -Property TimeWritten, Source, EventID, EntryType, Message -wrap -auto | Out-File $DataDest\EventLog_System.txt -Width 250

    'Getting the System Info' | Out-Host
    $sysinfo = @()
    If ([System.Version]$PSVersionTable.PSVersion -ge [System.Version]"5.1") {
        $sysinfo += 'Accurate CPU information obtained by PowerShell 5.1 or higher:'
        $sysinfo += (Get-ComputerInfo -Property CsNumberOfLogicalProcessors, CsNumberOfProcessors, CsProcessors | Format-List | Out-String).Trim()
        $sysinfo += ''
    }
    $sysinfo += 'Generic system information:'
    $sysinfo += 'WARNING: The number of CPU cores listed below is incorrect, because command "sysinfo" provides inaccurate data.'
    $sysinfo += systeminfo
    $sysinfo | Out-File $DataDest\SystemInfo.txt

    'Getting details about services' | Out-Host
    $OSservicelist = Get-WmiObject win32_service
    foreach ($OSservice in $OSservicelist) {
        $OSr = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$($OSservice.Name)"
        If ($OSr.DelayedAutostart -eq 1 -and $OSr.Start -eq 2) {
            $OSservice.StartMode = $OSservice.StartMode + ' (Delayed)'
        }
    }
    $OSservicelist | Sort DisplayName | Format-Table -Property DisplayName, Name, StartName, StartMode, State | Out-File $DataDest\Services.txt -Width 250

    'Getting details about Windows Certificate Store' | Out-Host
    Get-ChildItem cert: -Recurse | Where {!$_.PSIsContainer} | Format-List Subject, FriendlyName, PSParentPath, Issuer, Thumbprint, DnsNameList, NotBefore, NotAfter, EnhancedKeyUsageList | Out-File $DataDest\Windows_Cert_Store.txt

    'Getting details about available memory dumps' | Out-Host
    $dmp = Get-ChildItem -Path $FinServiceList.Path -Include *.hprof,*.mdmp,*.dmp -Recurse
    If (![string]::IsNullOrEmpty($dmp)) {
        $dmp | Format-Table -Property FullName, Length, LastWriteTime -AutoSize | Out-File $DataDest\Dump_List.txt
    } Else {
        'No hprof/mdmp/dmp files found.' | Out-File $DataDest\Dump_List.txt
    }
}

'Compressing the files' | Out-Host
$FileName = "$($RootCollectionPath)\$($FolderName)_YSoftDiagData_$((Get-Date).ToString('yyyy-MM-dd-HH-mm-ss')).zip"
Compress-ZIP -Directory $DataDest -Destination $FileName

'Removing temporary files' | Out-Host
Remove-Item -Path $DataDest -Recurse -Force

Write-Output ""
Write-Output "Work done, the output is in $FileName"
Write-Output 'Feel free to close the script'
Read-Host
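
The archive contains configuration files and, when $GetCert is $true, certificate and private key files. The following added example (not part of the YSoft script) lists such entries in the produced ZIP so they can be reviewed before the archive is handed over. The function name Get-SensitiveArchiveEntry and the keyword list are assumptions made for illustration; the file patterns are taken from $CertList and $FileExtension above.

```powershell
# Added example, not part of the YSoft script.
# Assumptions: the function name and the $Keyword list are illustrative only.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Get-SensitiveArchiveEntry {
    param([Parameter(Mandatory)][string]$ArchivePath)

    # Same file types as $CertList in the script; ZIP entry names may use '/' or '\',
    # so the directory-separator alternatives accept both
    $KeyMaterial = '\.(cer$|crt$|key$|pfx$|jks$|p12$|pem$)|[\\/].*keystore|[\\/].*truststore'
    # Same extensions as $FileExtension in the script
    $ConfigExt = '\.(conf|config|properties|xml|json|drl|ini)$'
    # Assumed keywords that suggest a stored credential
    $Keyword = 'password|secret|passphrase'

    $zip = [System.IO.Compression.ZipFile]::OpenRead($ArchivePath)
    try {
        foreach ($entry in $zip.Entries) {
            if ($entry.FullName -match $KeyMaterial) {
                [pscustomobject]@{ Entry = $entry.FullName; Finding = 'certificate or key file'; Hits = 1 }
            } elseif ($entry.FullName -match $ConfigExt) {
                # Count matching lines only; the values themselves are never printed
                $reader = New-Object System.IO.StreamReader($entry.Open())
                try {
                    $hits = @($reader.ReadToEnd() -split "`n" | Where-Object { $_ -match $Keyword }).Count
                } finally {
                    $reader.Dispose()
                }
                if ($hits -gt 0) {
                    [pscustomobject]@{ Entry = $entry.FullName; Finding = 'config with credential-like keys'; Hits = $hits }
                }
            }
        }
    } finally {
        $zip.Dispose()
    }
}

# Check the newest archive the script produced in $RootCollectionPath
$RootCollectionPath = "$($env:USERPROFILE)\Desktop"
$latest = Get-ChildItem -Path $RootCollectionPath -Filter '*_YSoftDiagData_*.zip' |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if ($latest) {
    Get-SensitiveArchiveEntry -ArchivePath $latest.FullName | Format-Table -AutoSize
}
```

An empty result with $GetCert = $false and no keyword hits means nothing matched these patterns; it does not prove the log files themselves are free of sensitive values.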