Tracing
Applies to: Forefront Protection 2010 for SharePoint
Tracing is a detailed logging of the actions taken by Microsoft Forefront Protection 2010 for SharePoint (FPSP). Enabled by default, tracing helps support engineers diagnose and troubleshoot problems. Although you can control tracing by using the Tracelog.exe tool, some of the most common tracing settings can be configured directly by using the Forefront Management Shell to enter Windows PowerShell commands.
Monitoring without the aid of customer support
Tracing is for advanced troubleshooting scenarios. You should only use tracing under the direction of customer support. In order to investigate errors or to monitor your system on your own, it is recommended that you use the Windows Event Viewer.
To access the Windows Event Viewer
- Click Start, point to All Programs, point to Control Panel, point to Administrative Tools, and then click Event Viewer.
You can also format the debugging logs for direct examination. The tools needed for controlling a tracing session and formatting these logs are logman and fsctraceformat.exe. Logman is a standard Windows utility, while fsctraceformat.exe is included in your FPSP program folder.
Configuring tracing
You can configure the following trace settings by using the Windows PowerShell Set-FsspTracing cmdlet:
- The level of tracing, in order to indicate how much detail is included in the trace
- The tracing flags, in order to indicate the functions being traced
- The maximum size of the trace log
- The frequency with which buffered tracing events are flushed (written) to the trace log
This is the syntax of the Set-FsspTracing cmdlet:
Set-FsspTracing [-Level level] [-Flags flags] [-MaxLogSize MaxLogSize] [-FlushFrequency frequency]
The following sections describe the parameters.
Configuring tracing levels
To indicate how much detail to include in the trace, use the -Level parameter of Set-FsspTracing.
The values are ordered so that each includes all previous values. For example, the default level value (Information) logs all information messages, as well as warning, error, and fatal messages. The following table lists the levels that you can set, from least to most inclusive.
Level | Output |
---|---|
Fatal | All fatal error tracing statements. |
Error | All fatal error tracing statements, plus those mentioning other errors. |
Warning | All error and fatal error tracing statements, plus those with a warning. |
Information | All warning, error, and fatal error tracing statements, plus a set of statements containing additional information. This is the default. |
Verbose | All information, warning, error, and fatal error tracing statements, plus statements containing more information about normal operation. |
Noise | All possible tracing statements. This results in high levels of "noise" in the trace log. |
To configure tracing levels
Click Start, point to All Programs, point to Microsoft Forefront Server Protection, and then click Forefront Management Shell.
At the Windows PowerShell command prompt, enter the following:
Set-FsspTracing -Level level
This example sets the level to Warning:
Set-FsspTracing -Level Warning
Configuring tracing flags
To indicate what functions are being traced, use the -Flags parameter of Set-FsspTracing. This permits a finer level of control. You may specify multiple flags as a comma-separated array. The following table describes the available flags:
Flag | Enabled by default | Function |
---|---|---|
Default | - | Restores all default values |
All | - | Enables all tracing flags |
EngineAdapters | Yes | Scan-engine interface adapters |
EngineUpdates | Yes | Traces engine updating pipeline |
FileNavigators | Yes | File parsers |
Generic | Yes | Output with no flag specified |
HResult | Yes | Return codes from function calls |
ScanJobs | Yes | Scanning processes |
ThreatScanning | Yes | Coordinates engines when data is being scanned and cleaned |
Common | No | Core product functionality |
Configuration | No | Configuration changes |
IPC | No | Inter-process communication between workload hook and scanning processes |
Stack | No | Program stack call |
Statistics | No | Performance counter-related functionality |
To configure tracing flags
Click Start, point to All Programs, point to Microsoft Forefront Server Protection, and then click Forefront Management Shell.
At the Windows PowerShell command prompt, enter the following:
Set-FsspTracing -Flags flags
This example sets the Stack flag:
Set-FsspTracing -Flags Stack
This example sets the engine adapters, threat scanning, and generic flags:
Set-FsspTracing -Flags EngineAdapters,ThreatScanning,Generic
Configuring the maximum tracing log size
In order to indicate the maximum size of the tracing log, use the Global Settings – Advanced Options setting Maximum tracing log size (megabytes).
The maximum tracing log size is specified in megabytes (MB). The minimum size is 16 MB, and the maximum size is 1024 MB (1 gigabyte), which is the default value. The maximum tracing log size value includes the combined value of the program log (ProgramLog.etl) plus any archived program logs (located in the ProgramLogArchive directory). The maximum size for any single program log is 512 MB, or half the configured total.
To configure the maximum tracing log size
In the Forefront Protection 2010 for SharePoint Administrator Console, click Policy Management, and under Global Settings, click Advanced Options.
In the Global Settings - Advanced Options pane, under the Tracing options section, specify the value in the Maximum tracing log size (megabytes) field, and then click Save.
For example, if you enter 768, this sets a tracing log size limit of 768 MB for all program logs and 384 MB for any single program log.
Note: The tracing session is automatically restarted when this setting is changed.
Configuring the flush frequency
To indicate the frequency (in seconds) of writing (flushing) buffered tracing events to the trace log, use the -FlushFrequency parameter of Set-FsspTracing. The buffer is always flushed when filled or when the trace is ended, regardless of the value of flush frequency.
The frequency can be any positive integer. The default of 0 means that buffers are flushed as soon as they become full.
To configure the flush frequency
Click Start, point to All Programs, point to Microsoft Forefront Server Protection, and then click Forefront Management Shell.
At the PowerShell command prompt, enter the following:
Set-FsspTracing -FlushFrequency frequency
This example sets a flush frequency of 10 seconds:
Set-FsspTracing -FlushFrequency 10
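The -Level, -Flags, and -FlushFrequency parameters described above can be combined to raise tracing for a limited troubleshooting window and then return to the documented defaults. The following is an added example, not part of the original documentation: the function name Invoke-FsspTraceWindow and its -Minutes parameter are hypothetical. It assumes that it is run from the Forefront Management Shell, that the parameters can be combined in one call as the syntax line indicates, and that -Flags accepts a string array.

```powershell
# Added example (not from the product documentation).
# Invoke-FsspTraceWindow and -Minutes are hypothetical names.
function Invoke-FsspTraceWindow {
    [CmdletBinding()]
    param(
        # Levels from the table on this page, least to most inclusive.
        [ValidateSet('Fatal','Error','Warning','Information','Verbose','Noise')]
        [string]$Level = 'Verbose',

        # Flags from the table on this page. 'Default' and 'All' are left out
        # so that the caller has to name the functions being traced.
        [ValidateSet('EngineAdapters','EngineUpdates','FileNavigators','Generic',
                     'HResult','ScanJobs','ThreatScanning','Common',
                     'Configuration','IPC','Stack','Statistics')]
        [string[]]$Flags = @('EngineAdapters','ThreatScanning','Generic'),

        # Seconds between flushes; 0 means flush only when buffers fill.
        [ValidateRange(0, [int]::MaxValue)]
        [int]$FlushFrequency = 10,

        # Length of the troubleshooting window (bounds chosen for this example).
        [ValidateRange(1, 240)]
        [int]$Minutes = 15
    )

    if (-not (Get-Command Set-FsspTracing -ErrorAction SilentlyContinue)) {
        throw 'Set-FsspTracing not found. Run this from the Forefront Management Shell.'
    }

    try {
        Set-FsspTracing -Level $Level -Flags $Flags -FlushFrequency $FlushFrequency
        Write-Host "Tracing at $Level ($($Flags -join ',')) for $Minutes minute(s)."
        Start-Sleep -Seconds ($Minutes * 60)
    }
    finally {
        # Return to the documented defaults even if the session is interrupted:
        # default flag set, Information level, flush only when buffers fill.
        Set-FsspTracing -Flags Default
        Set-FsspTracing -Level Information -FlushFrequency 0
    }
}

# Example call: 10 minutes of Verbose tracing for two scan-related flags.
Invoke-FsspTraceWindow -Level Verbose -Flags EngineAdapters,ThreatScanning -Minutes 10
```

Because the reset runs in a finally block, stopping the script with CTRL+C still returns tracing to the Information level and the default flags.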