%kb_name - %short_descr - Knowledge Portal

How to collect Windows event logs from AKS pods

Overview

This article describes how to collect Windows event logs from Azure Kubernetes Service (AKS) pods.

Retrieving Windows event logs

To retrieve Windows event logs from AKS pod via Azure Command-Line Interface (CLI):

To switch to the required subscription, run the following command:
```
az account set --subscription <subscription ID>
```

Then run:

az aks get-credentials --resource-group <Resource Group Name> --name <AKS name> --admin

To get Powershell running in the pod and run PowerShell commands there, run:
```
kubectl -n <pod namespace> exec pod/<Pod Name> -it -- powershell.exe
```
To retrieve the application logs, run the following command inside PowerShell:
```
Get-EventLog -LogName application
```
To retrieve the system logs, run the following command inside PowerShell:
```
Get-EventLog -LogName system
```