import-svclog to import SVCLOG files

18 Apr 2017

Intune / PowerShell

The Intune connectors dump all their useful information to .svclog files. You can read these files wtih svcTraceViewer.exe which you can get by installing the Windows Communication Foundation SDK.

Don’t want to download the SDK just to get one tool? Do not fear - they are just XML. Here is an imperfect script for reading svclog files.

function Import-SVCLog {
 [cmdletbinding()]
    Param (
        [parameter(ValueFromPipeline=$True)]
        [string[]]$FileName
    )    
    Process {
       ([xml]("<LogRoot>" + (get-content $fileName) + "</LogRoot>" )).LogRoot.e2etraceevent | %{            
            $_ | select @{l='EventID';e={$_.system.EventID}},@{l='Type';e={$_.system.Type}},@{l='TimeCreated';e={$_.system.TimeCreated.SystemTime}},@{l='Source';e={$_.system.Source.Name}},@{l='Correlation';e={$_.system.Correlation.activityID}},@{l='Computer';e={$_.system.Computer}},@{l='Info';e={$_.ApplicationData}}                       
       }
    }
}

Copy the script into your powershell context and then use it like this (for the Exchange connector)

cd "C:\ProgramData\Microsoft\Windows Intune Exchange Connector\Logs"
dir | import-svclog | out-gridView

You will get a neat graphical interface to sort and view the event data.

Note that the path to most of the log files for the PKI connector is C:\Program Files\Microsoft Intune\NDESConnectorSvc\Logs\Logs.