Finding log events for Hyper-V on Windows Server 2012

Hyper-V logs events for virtual machines, but the locations and processes may not be intuitive. Rick Vanover shows you where to look for logging info in Windows Server 2012.

In Hyper-V Manager for Windows Server 2012 (as well as Windows Server 2008 R2 and the base release), there isn’t much in the way of a tasks or events history for the VM, so I've always found it to be a challenge to find out "what happened" in the way of logging events.

Luckily, Windows logs Hyper-V events just like it does other roles -- in the Event Viewer! So, we can even search and filter these events. Newer versions of Windows also now include categorized logging sections, which is where I will start in this blog.

In the Event Viewer, I’m used to looking in the “Windows Logs” section to find either the application, system, or security log event I’m looking for. But starting with Windows Server 2008, we were able to have the component logging sections, also. This will really help us with Hyper-V. In the Event Viewer snap-in, navigate to Applications and Services Logs | Microsoft | Windows, and there lie a number of Hyper-V categories. Windows Server 8 displays nine sections with the current beta. This area of the Event Viewer is shown in Figure A:

Event Viewer - Hyper-V sections

Event Viewer - Hyper-V sections (click to enlarge)
In this area of Hyper-V logging, we can see specific Hyper-V events. One that is worth noting is the task associated with creating a new virtual disk file (Hyper-V .VHD). This event is logged in the Hyper-V-VMMS | Operational section of the Event Viewer and is an Event ID 27311. Figure B shows an example of the .VHD file being created and logged:

Figure B

Hyper-V event showing a VHD file added to a VM on the host.

This section of the Event Viewer has a number of the relevant aspects of Hyper-V logging. A certain amount of logging is done within the guest VM, but that generally is not related to host activities. The good news is that in a pure Windows world, connecting those two environments is quite straightforward with enterprise frameworks such as System Center Operations Manager.

How do you go about logging host events on Hyper-V? Do you exclusively use the Event Viewer? Are more tips up your sleeve? Share your Hyper-V event logging tips below.