Create Event Viewer Log Files to Filter PDQ Events

Overview

This article covers how to create a filtered Event Viewer log file (.evtx) containing only PDQ-related events, either to include with your support ticket or simply to review PDQ events in Event Viewer.

Option 1: The easy way

You can use the following PowerShell script created by one of our devs to automagically gather PDQ event logs into an EVTX file.

$OutputPath = $env:TEMP
$OutputFile = "$OutputPath\PDQEventLogs.evtx"

# XPath query for wevtutil: Application log events from PDQ Deploy, PDQ Inventory, and .NET Runtime
# created in the last 30 days (timediff is in milliseconds; 2592000000 ms = 30 days)
$xPathQuery = "*[System[Provider[@Name='PDQ Deploy' or @Name='PDQ Inventory' or @Name='.NET Runtime'] and TimeCreated[timediff(@SystemTime) <= 2592000000]]]"

# Export the matching events to an .evtx file, overwriting any previous export
wevtutil export-log Application "$OutputFile" /query:"$xPathQuery" /overwrite:true

$wshell = New-Object -ComObject Wscript.Shell # Create a message box
$wshell.Popup("Log files saved at $OutputFile.`n`nClick Ok to open containing folder.", 0, "PDQ Event Logs", 0x0)

Invoke-Item $OutputPath # Open the folder in Explorer for easy access to PDQEventLogs.evtx

The script "Get-PDQEventLogs.ps1" is also hosted on our GitHub:

https://github.com/pdqcom/Bonus-Content/blob/master/Article-Content/Get-PDQEventLogs.ps1

Option 2: The manual way

  1. Open Event Viewer (Run > eventvwr)
  2. Expand Windows Logs > select Application log.
  3. With Application log selected, in the right-hand navigation pane (Actions), select Filter Current Log...
  4. In the Filter Current Log window, use the Event sources drop-down to select the following three items (if they exist): PDQ Deploy, PDQ Inventory, and .NET Runtime.
  5. Leave everything else as-is unless you want to further filter by Event Level, and click OK.
  6. You should now see a filtered log view.
  7. Click on Action in the upper left-hand menu and select Save Filtered Log File As... or Save Selected Events...
  8. In the Save As window, choose a File Name (e.g. the error, the date, or your ticket number) and keep the Save as type set to Event Files (*.evtx).
  9. Save the <FileName>.evtx log file.
  10. Keep for your records or submit with your PDQ.com support ticket.
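Whichever option you use, it is worth checking what the provider filter actually matches and that the exported file contains what you expect before attaching it to a ticket. The following PowerShell is an added example, not part of this article or of the Get-PDQEventLogs.ps1 script: it previews the same provider and 30-day filter against the live Application log with Get-WinEvent, then reads the exported .evtx back and summarizes it. It assumes the export was written to $env:TEMP\PDQEventLogs.evtx (the path Option 1 uses); set $EvtxPath to wherever you saved the manual export.

```powershell
# Added example (not the article's or PDQ's own code): preview the PDQ event filter and
# verify an exported .evtx file. Assumed path: $env:TEMP\PDQEventLogs.evtx (Option 1's default).

$Providers = @('PDQ Deploy', 'PDQ Inventory', '.NET Runtime')
$Since     = (Get-Date).AddDays(-30)            # same 30-day window as the 2592000000 ms timediff
$EvtxPath  = Join-Path $env:TEMP 'PDQEventLogs.evtx'

# 1. Preview: the article's filter expressed as a hashtable filter on the live Application log.
#    Get-WinEvent raises an error when nothing matches, so suppress it and treat that as zero.
$live = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = $Providers
    StartTime    = $Since
} -ErrorAction SilentlyContinue

"Matching events in the live Application log: $(@($live).Count)"
$live | Group-Object ProviderName, LevelDisplayName |
    Select-Object @{ n = 'Provider / Level'; e = { $_.Name } }, Count |
    Sort-Object Count -Descending | Format-Table -AutoSize

# 2. Verify the exported file: present, non-empty, only the expected providers, and what time span it covers.
if (-not (Test-Path $EvtxPath)) {
    Write-Warning "No export found at $EvtxPath; run Option 1 or the manual export first."
    return
}

$exported = Get-WinEvent -Path $EvtxPath -ErrorAction SilentlyContinue
if (-not $exported) {
    Write-Warning "$EvtxPath contains no events; widen the time window or check the provider names."
    return
}

$unexpected = $exported | Where-Object { $_.ProviderName -notin $Providers }
if ($unexpected) {
    Write-Warning "Export contains $(@($unexpected).Count) event(s) from providers outside the PDQ filter."
}

$sorted = $exported | Sort-Object TimeCreated
"Exported file: $EvtxPath"
"Events: $(@($exported).Count)   Span: $($sorted[0].TimeCreated)  ->  $($sorted[-1].TimeCreated)"
$exported | Group-Object ProviderName | Select-Object Name, Count | Format-Table -AutoSize

# Errors and warnings are usually what support looks at first; show the most recent ones.
# Level values: 1 = Critical, 2 = Error, 3 = Warning (4 = Information, 5 = Verbose are skipped).
$exported | Where-Object { $_.Level -in 1, 2, 3 } |
    Select-Object -First 10 TimeCreated, ProviderName, Id, LevelDisplayName, Message |
    Format-List
```

Run it from a normal PowerShell session on the machine where the export was made. If the preview count is zero but you know PDQ has logged something recently, check the provider names against the Event sources drop-down from step 4, since a provider that is not installed simply never appears.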