Tracing is a detailed logging of the actions taken by Forefront Protection 2010 for Exchange Server (FPE). Enabled by default, tracing helps support engineers diagnose and troubleshoot problems. Although you can control tracing by using the Tracelog.exe tool, some of the most common tracing settings can be configured directly by using the Forefront Management Shell to enter Windows PowerShell commands.
Monitoring without the aid of customer support
Tracing is for advanced troubleshooting scenarios. You should only use tracing under the direction of customer support. In order to investigate errors or to monitor your system on your own, it is recommended that you use the Windows Event Viewer.
To access the Windows Event Viewer-
Click Start, point to All Programs, point to Control Panel, point to Administrative Tools, and then click Event Viewer.
The tools needed for tracing are tracelog.exe and tracefmt.exe. These are part of the Windows Driver Kit, and you can download them from Microsoft's WDK and Developer Tools site. In addition, a batch file called tracereader.bat is provided in order to automate the most common uses of tracelog.exe and tracefmt.exe.
Configuring tracing
You can configure the following trace settings by using the Windows PowerShell Set-FseTracing cmdlet:
- The level of tracing, in order to indicate
how much detail is included in the trace
- The tracing flags, in order to indicate the
functions being traced
- The maximum size of the trace log
- The frequency with which buffered tracing
events are flushed (written) to the trace log
This is the syntax of the Set-FseTracing cmdlet:
Set-FseTracing [-Level level] [-Flags flags] [-MaxLogSize MaxLogSize] [FlushFrequency frequency]
The following sections describe the parameters.
Configuring tracing levels
In order to indicate how much detail to include in the trace, use the -Level parameter of Set-FseTracing.
The values are ordered so that each includes all previous values. For example, the default level value (Information) logs all information messages, as well as warning, error, and fatal messages. The following table lists the levels that you can set, from least to most inclusive.
Level | Output |
---|---|
Fatal |
All fatal error tracing statements. |
Error |
All fatal error tracing statements, plus those mentioning other errors. |
Warning |
All error and fatal error tracing statements, plus those with a warning. |
Information |
All warning, error, and fatal error tracing statements, plus a set of statements containing additional information. This is the default. |
Verbose |
All information, warning, error, and fatal error tracing statements, plus statements containing more information about normal operation. |
Noise |
All possible tracing statements. This results in high levels of "noise" in the trace log. |
-
Click Start, point to All Programs, point to Microsoft Forefront Server Protection, and then click Forefront Management Shell.
-
At the Windows PowerShell command prompt, enter the following:
Copy Code Set-FseTracing -Level level
This example sets the level to Warning:
Set-FseTracing -Level
Warning
Configuring tracing flags
To indicate what functions are being traced, use the -Flags parameter of Set-FseTracing. This permits a finer level of control. You may specify multiple flags as a comma-separated array. The following table describes the available flags.
Flag | Enabled by default | Function |
---|---|---|
Default |
- |
Restores all default values |
All |
- |
Enables all tracing flags |
Antispam |
Yes |
Antispam scanning |
EngineAdapters |
Yes |
Scan-engine interface adapters |
EngineUpdates |
Yes |
Traces engine updating pipeline |
FileNavigators |
Yes |
File parsers |
Generic |
Yes |
Output with no flag specified |
HResult |
Yes |
Return codes from function calls |
ScanJobs |
Yes |
Scanning processes |
ThreatScanning |
Yes |
Coordinates engines when data is being scanned and cleaned |
Common |
No |
Core product functionality |
Configuration |
No |
Configuration changes |
IPC |
No |
Inter-process communication between workload hook and scanning processes |
Stack |
No |
Program stack call |
Statistics |
No |
Performance counter-related functionality |
-
Click Start, point to All Programs, point to Microsoft Forefront Server Protection, and then click Forefront Management Shell.
-
At the Windows PowerShell command prompt, enter the following:
Copy Code Set-FseTracing -flag flags
This example sets the Stack flag:
Set-FseTracing -flag
Stack
This example sets the engine adapters, threat scanning, and generic flags:
Set-FseTracing -flag
EngineAdapters,ThreatScanning,Generic
Configuring maximum tracing log size
In order to indicate the maximum size of the trace log, use the -MaxLogSize parameter of Set-FseTracing.
The maximum trace log size is specified in megabytes (MB). The minimum size is 16 MB, and the maximum size is 1024 MB (1 gigabyte), which is the default value. The maximum trace log size value includes the combined value of the program log (ProgramLog.etl) plus any archived program logs (located in the ProgramLogArchive directory). The maximum size for any single program log is 512 MB, or half the configured total.
To configure the maximum trace log size-
Click Start, point to All Programs, point to Microsoft Forefront Server Protection, and then click Forefront Management Shell.
-
At the Windows PowerShell command prompt, enter the following command:
Copy Code Set-FseTracing -MaxLogSize MaxLogSize
This example sets a trace log size limit of 768 MB for all program logs:
Set-FseTracing -MaxLogSize
768
In this example, the maximum file size for any single program log is 384 MB.
After changing the maximum tracing log size setting, restart the tracing session in order for the change to take effect.
To restart the tracing session-
At the Windows PowerShell command prompt, stop the tracing session by entering the following command:
Copy Code Logman stop FssTracingSession –ets
-
Stop the Forefront Server Protection Controller service by entering the following command:
Copy Code Net stop FSCController
-
Start the Forefront Server Protection Controller service (which automatically starts the tracing session) by entering the following command:
Copy Code Net start FSCController
Configuring the flush frequency
To indicate the frequency (in seconds) of writing (flushing) buffered tracing events to the trace log, use the -FlushFrequency parameter of Set-FseTracing. The buffer is always flushed when filled or when the trace is ended, regardless of the value of flush frequency.
The frequency can be any positive integer. The default of 0 means that buffers are flushed as soon as they become full.
To configure the flush frequency-
Click Start, point to All Programs, point to Microsoft Forefront Server Protection, and then click Forefront Management Shell.
-
At the Windows PowerShell command prompt, enter the following:
Copy Code Set-FseTracing -FlushFrequency frequency
This example sets a flush frequency of 10 seconds:
Set-FseTracing
-FlushFrequency 10