From Server 2008 onward, the cluster log is stored in 3 different .etl files at "%WinDir%\System32\winevt\logs\".
However, I can't query these files through Get-WinEvent:
Get-WinEvent : The C:\Windows\System32\winevt\Logs\Microsoft-Windows-FailoverClustering%4Diagnostic.etl.001 file does not appear to be a valid log file. Specify only .evtx, .etl, or .evt files as values of the Path parameter.
Am I missing something? Is there another way of querying these .etl files through PowerShell?
You can't read these files directly as far as I know; you have to dump the contents into the cluster.log file to get human-readable output, using Get-ClusterLog or cluster log /gen on 2008 systems:
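
One way to apply the approach from the answer above and then query the result, as an added example that is not part of the original thread. The output folder, the 60-minute window and the line layout of the generated text log (`pid.tid::timestamp LEVEL message`) are assumptions; adjust the pattern to what your logs actually contain.

```powershell
# Added example. Assumes the FailoverClusters module is available and the
# session runs elevated on a cluster node.
Import-Module FailoverClusters

# Hypothetical output folder for the generated text logs
$dest = 'C:\Temp\ClusterLogs'
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# Dump the last 60 minutes of the diagnostic trace from every node into
# text files under $dest; the cmdlet returns one file object per node.
$logs = Get-ClusterLog -Destination $dest -TimeSpan 60

# Assumed layout of each line: <pid>.<tid>::<timestamp> <LEVEL> <message>
$pattern = '^(?<pid>[0-9a-f]+)\.(?<tid>[0-9a-f]+)::(?<time>\S+)\s+(?<level>ERR|WARN)\s+(?<msg>.*)$'

$events = foreach ($file in $logs) {
    Select-String -Path $file.FullName -Pattern $pattern -CaseSensitive |
        ForEach-Object {
            $g = $_.Matches[0].Groups
            # One object per warning/error line, so the result can be
            # filtered and sorted like Get-WinEvent output.
            New-Object PSObject -Property @{
                Log     = $file.Name
                Line    = $_.LineNumber
                Time    = $g['time'].Value
                Level   = $g['level'].Value
                Message = $g['msg'].Value
            }
        }
}

# Summary per node log and level, then the most recent entries
$events | Group-Object Log, Level | Select-Object Count, Name
$events | Sort-Object Time | Select-Object -Last 20 Time, Level, Log, Message |
    Format-Table -AutoSize -Wrap
```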