Cluster Log Basics
In this chapter, the term cluster always refers to a server cluster, which is a group of servers linked by Cluster service that provides high availability and application failover support. The Cluster service comprises Clussvc.exe and associated dynamic-link libraries (DLLs) and executable files.
Cluster activity is the sum of any and all events that take place in a cluster. Cluster activity includes major blocks of activity, such as the initialization, joining, and forming operations.
The cluster log is a diagnostic log that is a more complete record of cluster activity than the Microsoft Windows 2000 event log; the cluster log records the Cluster service activity that leads up to the events recorded in the event log. Although the event log can point you to a problem, the cluster log helps you get at its root. So, for diagnosis, check the event log first, then the cluster log. For more information about correlating the entries in the event log and the cluster log, see "Correlating the Windows 2000 Event Log and the Cluster Log" later in this chapter.
.gif "note-icon")
Note
The cluster log records only the events of a single member in a server cluster. It does not record events for network load balancing. To record all the events in a Cluster service cluster, you must enable logging for each member of the cluster.
To successfully interpret the cluster log, you need to be familiar with the following areas:
Anatomy of a cluster log entry.
Meanings of abbreviations such as [DM], [RGP], and [JOIN].
Meanings of state codes.
Techniques for tracking the source of a problem.