Collecting ConfigMgr Client Logs to Azure Storage

In the 2002 release of Endpoint Configuration Manager, Microsoft added a nice capability to collect log files from a client to the site server. Whilst this is a cool capability, you might not be on 2002 yet or you might prefer to send logs to a storage account in Azure rather than to the site server. You can do that quite easily using the Run Script feature. This works whether the client is connected on the corporate network or through a Cloud Management Gateway.

To do this you need a storage account in Azure, a container in the account, and a Shared access signature.

I’ll assume you have the first two in place, so let’s create a Shared access signature. In the Storage account in the Azure Portal, click on Shared access signature under Settings.

• Under Allowed services, check Blob.
• Under Allowed resource types, check Object.
• Under Allowed permissions, check Create.

Set an expiry date then click Generate SAS and connection string. Copy the SAS token and keep it safe somewhere.

Below is a PowerShell script that will upload client log files to Azure storage.

	## Uploads client logs files to Azure storage
	$Logs = Get-ChildItem "$env:SystemRoot\CCM\Logs"
	$Date = Get-date -Format "yyyy-MM-dd-HH-mm-ss"
	$ContainerURL = "https://mystorageaccount.blob.core.windows.net/mycontainer"
	$FolderPath = "ClientLogFiles/$($env:COMPUTERNAME)/$Date"
	$SASToken = "?sv=2019-10-10&ss=b&srt=o&sp=c&se=2030-05-01T06:31:59Z&st=2020-04-30T22:31:59Z&spr=https&sig=123456789abcdefg"
	$Responses = New-Object System.Collections.ArrayList
	$Stopwatch = New-object System.Diagnostics.Stopwatch
	$Stopwatch.Start()
	foreach ($Log in $Logs)
	{
	$Body = Get-Content $($Log.FullName) -Raw
	$URI = "$ContainerURL/$FolderPath/$($Log.Name)$SASToken"
	$Headers = @{
	'x-ms-content-length' = $($Log.Length)
	'x-ms-blob-type' = 'BlockBlob'
	}
	$Response = Invoke-WebRequest -Uri $URI -Method PUT -Headers $Headers -Body $Body
	[void]$Responses.Add($Response)
	}
	$Stopwatch.Stop()
	Write-host "$(($Responses | Where {$_.StatusCode -eq 201}).Count) log files uploaded in $([Math]::Round($Stopwatch.Elapsed.TotalSeconds,2)) seconds."

view raw Upload-CMClientLogsToAzureStorageAccount hosted with ❤ by GitHub

Update the following parameters in your script:

• ContainerURL. This is the URL to the container in your storage account. You can find it by clicking on the container, then Properties > URL.
• SASToken. This is the SAS token string you created earlier.

Create and approve a new Script in ConfigMgr with this code. You can then run it against any online machine, or collection. When it’s complete, it will output how many log files were uploaded and how long the upload took.

To view the log files, you can either browse them in storage account in the Azure portal looking at the container directly, or using the Storage explorer. My preferred method is to use the standalone Microsoft Azure Storage Explorer app, where you can simply double-click a log file to open it, or easily download the folder containing the log files to your local machine.