Export (0) Print
Expand All

Manage Software Inventory Logging in Windows Server 2012 R2

This document describes how to manage Software Inventory Logging in Windows Server® 2012 R2.

The Software Inventory Logging feature in Windows Server 2012 R2 is intended to help datacenter administrators easily log inventory data from their deployments.  This feature is built into the operating system but only exists on Windows Server 2012 R2 (it does not collect or log data from other operating systems). There are two primary methods for inventorying using this feature:

  1. Enabling the SilLogging daily task to collect from all data sources and forward over the network to a specified target (URI)

  2. Manually querying the data using Powershell or WMI at any interval. 

Enabling the SilLogging daily task involves some planning and foresight, but has significant advantages compare to manually querying the data.

Enabling SilLogging has the following three primary advantages for data center administrators:

  • An ongoing history, or log, can be aggregated over time empowering flexible and comprehensive reports from a single source.

  • If Software Inventory Logging is enabled within base virtual machine images, or some other widespread deployment method or policy, computer discovery challenges typical with many inventory tools can be overcome.

  • If Software Inventory Logging is enabled within base virtual machine images, or some other widespread deployment method or policy, trust boundary challenges and the need for elevated user privileges, which is typical with many inventory tools, can be overcome, yet all the while maintaining a level of security since the data is encrypted over HTTPS with SSL.

Software Inventory Logging is installed and enabled manually (not by default) in Windows Server 2012 R2 and collects data on a nearly real-time basis. All configuration of Software Inventory Logging is done with PowerShell cmdlets. There are only a few configuration options for Software Inventory Logging. This document describes these options and their intended purpose.

To learn more about the benefits of Software Inventory Logging, see: Windows Server 2012 R2 Software Inventory Logging Overview.

In this document

The configuration options covered in this document include:

This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. For more information, see Using Cmdlets.

Software Inventory Logging daily collection and forward over the network must be enabled on a computer running Windows Server 2012 R2 to log software inventory.

You can use the Get-SilLogging PowerShell cmdlet to retrieve information about the Software Inventory Logging Service including whether it is running or stopped

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

  1. Sign in to the server with an account that has local administrator privileges.

  2. Open PowerShell.

  3. At the PowerShell prompt, type Start-SilLogging

The following Windows PowerShell cmdlets disable Software Inventory Logging.

  1. Sign in to the server with an account that has local administrator privileges.

  2. Open PowerShell.

  3. At the PowerShell prompt, type Stop-SilLogging

In addition to the PowerShell cmdlets described in the previous section, 5 additional cmdlets in Windows Server 2012 R2 can be used to collect Software Inventory Logging data:

  • Get-SilComputer: Displays the point in time values for specific server and operating system-related data.

  • Get-SilData: Displays a point in time collection of all Software Inventory Logging data.

  • Get-SilSoftware: Displays the point in time identity of all software installed on the computer

  • Get-SilUalAccess: Displays the total number of unique client device requests and client user requests of the server from two days prior.

  • Get-SilWindowsUpdate:: Displays the point in time list of all Windows updates installed on the computer.

A typical use case scenario for Software Inventory Logging cmdlets would be for an administrator to query Software Inventory Logging for a point in time collection of all Software Inventory Logging data using Get-SilData

PS C:\> Get-SilData 
VmGuid : 15F8DF27-183C-46BE-A037-2D8797E75C1C
Item   : MsftSil_UalAccess (RoleGuid = "7fb09bd3-7fe6-435e-8348-7d8aefb6cea3")
VmGuid : 15F8DF27-183C-46BE-A037-2D8797E75C1C
Item   : MsftSil_Computer (Name = "Contoso-01.Server.Test.Contoso...) 
VmGuid : 15F8DF27-183C-46BE-A037-2D8797E75C1C
PSComputerName : 
ID          : KB999114
InstallDate : 5/15/2013
ChassisSerialNumber       : 7ZQ7TJ1
CollectedDateTime         : 5/20/2013 3:20:09 PM
Model                     : Precision WorkStation T7400
Name                      : Server01.Test.Contoso.com
NumberOfCores             : 4
NumberOfLogicalProcessors : 4
NumberOfProcessors        : 1
OSName                    : Microsoft Windows Server 2012 R2 Datacenter Preview
OSSku                     : 8
OSSuite                   : 400
OSSuiteMask               : 400
OSVersion                 : 6.3.9405
ProcessorFamily           : 179
ProcessorManufacturer     : GenuineIntel
ProcessorName             : Intel(R) Xeon(R) CPU           E5440  @ 2.83GHz
SystemManufacturer        : Dell Inc. 
VmGuid                    : 
ProductName             : Windows Server 2012 R2 Datacenter Preview
RoleGuid                : 10a9226f-50ee-49d8-a393-9a501d47ce04
RoleName                : File Server
SampleDate              : 5/18/2013
UniqueDeviceAccessCount : 32
UniqueUserAccessCount   : 55
ProductName             : Windows Server 2012 R2 Datacenter Preview
RoleGuid                : 7fb09bd3-7fe6-435e-8348-7d8aefb6cea3
RoleName                : Print and Document Services
SampleDate              : 5/18/2013
UniqueDeviceAccessCount : 2
UniqueUserAccessCount   : 6
ID             : {6B6533BD-1680-4368-908E-D50977561A86}
InstallDate    : 5/14/2013 12:00:00 AM
Name           : Microsoft Office Professional Plus 2010
Vendor         : Microsoft Corporation
Version        : 14.0.6029.1000

Output from this cmdlet is the same as all other Get-Sil cmdlets for this feature combined, but is provided to the console asynchronously so the order of the objects may not always be the same.

If this cmdlet is run on a Windows Server 2012 R2 Hyper-V host, Software Inventory Logging data will be provided from the guest virtual machines if they are running Windows Server 2012 R2 and have Software Inventory Logging started.  This data will be ‘collapsed’ on the console’s view, identifiable by the virtual machine’s assigned GUID.

To forward data to an aggregation server, there are three PowerShell cmdlets that you need to run:

  1. Specify the target aggregation server using the Set-SilLogging cmdlet.

  2. Enable Software Inventory Logging as described above using the Start-SilLogging cmdlet.

  3. Set the certificate thumbprint using the Set-SilLogging cmdlet

Before Software Inventory Logging data can be forwarded over the network to an aggregation server, you must first specify the target server. The Set-SilLogging cmdlets is used to specify an aggregation server. If you do not specify an aggregation server and the server is a virtual machine that runs on a Hyper-V host, then the daily collection forwards the Software Inventory Logging data to a location that its Windows Server host can access. Set-SilLogging sets the time of day that the daily collection occurs, the uniform resource identifier (URI) of the aggregation server, and the certificate thumbprint to use for encryption.

Once the aggregation server has been specified, you can enable a daily task via PowerShell to collect all data from these interfaces and forward it using HTTPS to a server running a web service (configured by the server owner), for aggregation.

You can use the Get-SilLogging PowerShell cmdlet to retrieve information about the Software Inventory Logging Service including whether it is running or stopped.

The Publish-SilData cmdlet initiates a point in time collection of all Software Inventory Logging data, and forwards the data over the network to an aggregation server. If Software Inventory Logging was started by an administrator, daily collection and forwarding of the data to the aggregation server commences. In cases where Software Inventory Logging does not receive an acknowledgement from the aggregation server that data forwarding was successful, the service stores that data locally and attempts to forward both the previous and current data the next day. Administrators can also use this cmdlet to manually forward all historical Software Inventory Logging data that was accumulated locally, if that data was not been successfully forwarded to the aggregation server for a period of one or more days. After Software Inventory Logging successfully forwards the data, it deletes all historical data from the client server.

After server OS upgrade, or an in-place repair, any configured SIL logging state (Start/Stop/time-of-day) are NOT retained unless these were configured using Windows Task Scheduler UI (not described here).  TargetUri and Thumbprint are retained, however. In these situations, simply set up Software Inventory logging as if a fresh installation of the operating system has been performed.

If no TargetUri is set, the Publish-SilData cmdlet will not produce an error, either on the console or the event log.

Software Inventory Logging is not intended to be a mission critical component. Its design is intended to impact local system operations as little as possible while maintaining a high level of reliability. This also allows the administrator to manually delete Software Inventory Logging database and supporting files (every file in \Windows\System32\LogFiles\SIL\ directory) to meet operational needs.

  1. In PowerShell, stop Software Inventory Logging with the Stop-SilLogging command.

  2. Open Windows Explorer.

  3. Go to \Windows\System32\Logfiles\SIL\.

  4. Delete all files in the folder.

Software Inventory Logging will temporarily store daily collections of data if it has been configured to forward data to an aggregator, BUT forwards have failed due to external issues, i.e. network connectivity.  The log files are stored in the \Windows\System32\LogFiles\SIL\ directory.  Backups of this Software Inventory Logging data can be made with your regularly scheduled server backups.

If for any reason a repair installation or upgrade is necessary of the operating system, any log files stored locally will be lost.  If this data is critical for operations, it is recommended to be backed up prior to operating system installation.  After repair or upgrade, simply restore to the same location.

If for any reason managing the retention duration of data logged locally by SIL becomes important, this can be configured by changing the registry value here, \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\SoftwareInventoryLogging.  The default is ‘30’ for 30 days.

Data logged by SIL, but stored locally (if the forward to the target URI fails), or data that is successfully forwarded to the target aggregation server is stored in a binary file (for each days’ data). To display this data in PowerShell, use the use the Import-BinaryMiLog cmdlet.

Certificate based authentication uses certificates to authenticate the user/client (in this case, to access SIL). The certificate is used in place of credentials.

By deploying certificate based authentication, administrators can control which computers can be queried for Software Inventory Logging Data.

When you use certificate based authentication, there will be added administrative overhead. You will either need to deploy your own internal Public Key Infrastructure (PKI) using Active Directory Certificate Services (AD CS, formerly Windows Server Certificate Services) or a 3rd-party PKI solution, or you will have to purchase certificates from a public certification authority (CA). This will not be a one-time added overhead. Certificates expire, and when a user’s certificate expires, they will need a new one, requiring either time invested in getting the user a new certificate, or budget invested in purchasing one.


You need access to a CA for client certificates. This can be a public CA solution, individual certificates from a vendor, or an Active Directory Certificate Services solution. Regardless of the method used, the following requirements must be met:

  1. The certificate must be issued for client authentication. The default User template from an AD CS server will work in this scenario.

  2. The User Principal Name (UPN) for each client’s account must match the Subject Name field in the client's certificate.

  3. All servers must trust the entire CA trust chain. This chain includes the root CA certificate and any intermediate CA certificates. These certificates should be installed on all servers where SIL will run.

  4. The root CA certificate must be in the Trusted Root Certification Authorities store, and any intermediate CA certificates in the intermediate store on all of these systems. The root CA certificate and intermediate CA certificates must also be installed on the server where SIL will run.

  5. The client’s certificate must be associated with the client’s account in Active Directory.

  1. When using Set-SilLogging -TimeOfDay to set the time SIL logging runs, you must specify a date and time.  This will behave as if configured in Windows Task Scheduler, but with limitations.  The calendar date will be set and logging will not occur until date is reached, in local system time, but the primary purpose of this manageability is about setting the time of day.

  2. When using Get-SilSoftware, or Get-SilWindowsUpdate, “InstallDate” will always show 12:00:00AM, a meaningless value. 

  3. When using Get-SilUalAccess, “SampleDate” will always show 11:59:00PM, a meaningless value.  Date is the pertinent data for these cmdlet queries.

You can configure an unattended Windows Server 2012 R2 installation with the following script.to enable Software Inventory Logging. This script schedules data collection 10 seconds after first logon, and writes the collected data to C:\Windows\System32\LogFiles\SIL folder.

<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
                           <SynchronousCommand wcm:action="add">
                                  <CommandLine>%windir%\System32\cmd.exe /c powershell -c Start-SilLogging;Set-SilLogging -TimeOfDay (Get-Date).AddSeconds(10) -TargetURI "http://testdcil/file.upload"</CommandLine>
                                  <Description>Enable Software Inventory Logging.</Description>

Once your unattended installation completes, you can sysprep it and use the resulting image to stage other VMs.

With SIL enabled and configured, remove the unattend file from this computer. If you want to change the default data collection time to 30 minutes after login, you can run the following cmndlet in PowerShell:

Set-SilLogging -TimeOfDay (Get-Date).AddMinutes(30) -TargetURI "http://testdcil/file.upload"

Then, to start the sysprep, run the following command at a command prompt

C:\Windows\System32\Sysprep\sysprep.exe /generalize /oobe /shutdown

The resulting image will:

  1. Preserve the registry setting for Software Inventory Logging (including your specified target URI to forward SIL data to).

  2. Preserve the Task Scheduler Settings and enable the daily collection task.

When using Software Inventory Logging on a Windows Server 2012 R2 Hyper-V host, it is possible to retrieve SIL data from Windows Server 2012 R2 guests that are running locally, if SIL logging has been started in the guest(s).  However, this is only possible when using the Get-SilData and Publish-SilData Powershell cmdlets, and only possible with Windows Server 2012 R2 in both host and guest.  The purpose of this capability is to allow data center administrators that provide guest VMs to tenants, or other entities of a large corporation, to capture software inventory data at the hypervisor host and subsequently forward all of this data to an aggregator (or target URI). 

Below are two examples of what the output on the Powershell console would look like (much abbreviated) on a Windows Server 2012 R2 Hyper-V host running one Windows Server 2012 R2 guest VM with SIL logging started.  You will notice the first example, which uses Get-SilData alone, will output all data from the host as expected.  Also included is all SIL data from the guest, but in a collapsed format.  To expand and view this data from the guest, simply cut and paste the snippet used in the second example below.  SIL data objects from the guest will always have the VM GUID associated within the object.

Since SIL data is output on the console, when using the Get-SilData PS cmdlet, in data streams, objects will not always be output in a predictive order.  In the two examples below, the text has been color coded (blue for physical host data and green for virtual guest data) only as an illustrative tool for this document.

Output Example 1

SIL Hyper-V Example 1

Output Example 2 (w/Expand-SilData function)

SIL Hyper-V Example 2

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2014 Microsoft