10.4.1 OS log information to be collected

You need to collect the OS-related log information indicated in the following table.

Table 10-4 OS-related log information

| Type of information | Description | Default file name | Collection by jpcras command possible |
|---|---|---|---|
| System log | Windows event log | -- | Y |
| System log | WMI log | `system-folder\system32\WBEM\Logs\*` # | Y |
| Process information | Process list | -- | Y |
| System file | hosts file | `system-folder\system32\drivers\etc\hosts` | Y |
| System file | services file | `system-folder\system32\drivers\etc\services` | Y |
| OS information | System information | -- | Y |
| OS information | Network status | -- | Y |
| OS information | Host name | -- | Y |
| OS information | Windows Firewall information | -- | Y |
| Dump information (in Windows Server 2003) | Dr. Watson log file | `system-drive\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log` # | Y |
| Dump information (in Windows Server 2003) | Dr. Watson log file | `system-drive\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dump` # | Y |
| Dump information (in Windows Server 2008 or Windows Server 2012) | Log files for problem reports and solutions | `user-mode-process-dump-folder\program-name.process-ID.dmp` (Example: `jpcagtt.exe.2420.dmp`) | N |

Legend:
Y: Can be collected.
N: Cannot be collected.
--: Not applicable.
#: If log files are set to be output to another folder, collect data from that folder.
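
The Windows Server 2008 and Windows Server 2012 dump files are marked N in the table, so they have to be gathered by hand. The PowerShell function below is an added example, not part of this manual or of the product: it copies files named program-name.process-ID.dmp and writes a manifest with a SHA-256 value for each copy. The function name, its parameters and the manifest file name are assumptions, and the dump folder must be supplied by the operator.

```powershell
# Added example (not from the manual). Assumptions: -DumpFolder is this host's
# user-mode process dump folder, -ProgramFilter is a wildcard chosen by the
# operator, and dump-manifest.csv is a name made up for this example.
# Uses only cmdlets and .NET calls available in Windows PowerShell 2.0 and later.
function Copy-UserModeDump {
    param(
        [Parameter(Mandatory = $true)][string]$DumpFolder,
        [Parameter(Mandatory = $true)][string]$Destination,
        [string]$ProgramFilter = '*'
    )
    if (-not (Test-Path -LiteralPath $DumpFolder -PathType Container)) {
        throw "Dump folder not found: $DumpFolder"
    }
    if (-not (Test-Path -LiteralPath $Destination)) {
        New-Item -ItemType Directory -Path $Destination | Out-Null
    }
    # Resolve to a full path: .NET file APIs ignore PowerShell's current location.
    $destPath = (Resolve-Path -LiteralPath $Destination).ProviderPath
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    $records = @()
    foreach ($file in Get-ChildItem -LiteralPath $DumpFolder -Filter '*.dmp') {
        if ($file.PSIsContainer) { continue }
        # Expected name: program-name.process-ID.dmp, e.g. jpcagtt.exe.2420.dmp
        if ($file.Name -notmatch '^(?<program>.+)\.(?<procid>\d+)\.dmp$') { continue }
        $program = $Matches['program']
        $processId = [int]$Matches['procid']
        if ($program -notlike $ProgramFilter) { continue }
        $target = Join-Path $destPath $file.Name
        Copy-Item -LiteralPath $file.FullName -Destination $target
        # Hash the copy, so the manifest describes what was actually collected.
        $stream = [System.IO.File]::OpenRead($target)
        try { $hash = [BitConverter]::ToString($sha256.ComputeHash($stream)) -replace '-', '' }
        finally { $stream.Dispose() }
        $records += New-Object PSObject -Property @{
            Program = $program; ProcessId = $processId; File = $file.Name
            Bytes = $file.Length; Sha256 = $hash
            LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
        }
    }
    $records | Select-Object Program, ProcessId, File, Bytes, LastWriteUtc, Sha256 |
        Export-Csv -Path (Join-Path $destPath 'dump-manifest.csv') -NoTypeInformation
    return $records
}
# Usage with constructed paths:
# Copy-UserModeDump -DumpFolder 'D:\CrashDumps' -Destination 'D:\case\dumps' -ProgramFilter 'jpc*'
```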