Effectively reading SharePoint Logs

I don’t think anyone actually enjoys reading the SharePoint logs. It can be overwhelming. I’ve found a few techniques to mastering the logs and finding what you really want, fast.

First, you need to crank up diagnostic logging in Central Admin. The default logging levels don’t do a good job of reporting everything. So hop in there and crank it down to log everything. MAKE SURE TO REMEMBER TO SET IT BACK! Especially on a production farm, these logs can get big, fast.

There’s a great free application called SharePoint LogViewer. It starts up slow, but once it’s running, it’s great. It monitors all logs on all servers within your farm, providing an almost (2-3 seconds behind) real-time look into what’s going on. SharePoint LogViewer is a very powerful tool for troubleshooting issues on your server and farm.

By default, it only keeps 500 lines on the screen, which depending on your farm might only be a minute or two of entries. Click the settings gear icon and you can ramp that up, I throw it up to 5000, giving me closer to 5-7 minutes of entries. Again, this will depend on the amount of traffic your farm is experiencing.

If the constant streaming is tough to manage or if you’re ready to stop the log to read through some of the entries, click the little pause button and you can now look through the entries and perform some searching and filtering. As you analyze your logs, and narrow down to a subset of records you can save the log entries, giving you a small log with just the records you want.

SharePoint LogViewer takes up a minimal amount of resources on the server. I ran it on a 6 server SharePoint 2010 farm on one of the application servers, and it averaged 10% of the processor and the memory used reached 60MB. This resource usage is very reasonable for our farms.

As great as that app is, I find myself jumping to another app for a quick read. I’ll use the above when I need to really analyze and troubleshoot when something isn’t obvious. The other tool I love is Notepad++. It works a lot like NotePad, but has some added features. With NotePad++, you can open multiple log files and search against all of them at once. This is helpful if you need to open the last week of logs to find an issue a user complained about. It also provides keyword highlighting, which is helpful when searching for a page or correlation ID. Double click or search for a word and all instances of the word will highlight right in the page making it easy to find your references.

Leave a Reply

Up ↑

%d bloggers like this: