You can configure the following logging options for Microsoft Forefront Protection 2010 for SharePoint (FPSP):

Enabling or disabling incidents logging

You can enable or disable incidents logging for each scan job type (realtime, scheduled, on-demand). Enabling incidents logging allows you to track the performance of FPSP more efficiently. However, disabling incidents logging can save you disk space if your resources are limited, provided that you also disable quarantining for that scan job. (If you disable incidents logging for a scan job but quarantining remains enabled, the incident is still written to the database so that FPSP can quarantine the item. However, the item is not displayed in the Incidents pane.)

To enable or disable incident logging options
  1. In the Forefront Protection 2010 for SharePoint Administrator Console, click Policy Management, and in Global Settings, click Advanced Options.

  2. In the Global Settings - Advanced Options pane, in the Logging options section, using the check boxes, disable or enable the following incident logging options:

    • Enable realtime incident logging—Specifies whether FPSP should enable incident logging for the realtime scan job. By default, realtime incident logging is enabled. To disable the logging of incidents detected during realtime scanning, clear the check box.

    • Enable scheduled incident logging—Specifies whether FPSP should enable incident logging for the scheduled scan job. By default, scheduled incident logging is enabled. To disable the logging of incidents detected during scheduled scanning, clear the check box.

    • Enable on-demand incident logging—Specifies whether FPSP should enable incident logging for the on-demand scan job. By default, on-demand incident logging is enabled. To disable the logging of incidents detected during on-demand scanning, clear the check box.

  3. Click Save.

Note:
For more information about incidents, see Viewing and managing incidents.

Enabling or disabling writing to the event log

You can enable or disable the writing of events to the event log. You can separately enable or disable event logging for incidents, engines, and operations. By default, event logging is enabled for all events.

Note:
For more information about viewing the event log by accessing Windows Event Viewer, see Using Windows Event Viewer.
To enable or disable writing to the event log
  1. In the FPSP Administrator Console, click Policy Management, and in Global Settings, click Advanced Options.

  2. In the Global Settings - Advanced Options pane, in the Logging Options section, you can select or clear the Enable event logging check box. When checked (the default), you can use the associated check boxes to enable or disable the following options (which are enabled by default):

    • Incidents - Enables or disables event logging for incidents.

    • Engines - Enables or disables event logging for engines.

    • Operational - Enables or disables event logging for for all other events, such as system information and health events.

    When the Enable event logging check box is cleared, incidents logging is suspended for incidents, engines, and operational events.

  3. Click Save.

Note:
You must restart the FPSP services in order for any changes to these settings to take effect.

Enabling or disabling performance counter logging

You can enable or disable the logging of performance counters that can be viewed in Windows Performance Monitor.

To enable or disable performance counter logging
  1. In the FPSP Administrator Console, click Policy Management, and in Global Settings, click Advanced Options.

  2. In the Global Settings - Advanced Options pane, in the Logging Options section, select (to enable) or clear (to disable) the Enable performance counters check box, and then click Save. By default, performance counters logging is enabled.

Note:
For more information about using Windows Performance Monitor with FPSP, see Using Windows Performance Monitor.

Configuring the program log detail level

You can configure the level of program log details to include from enabled tracing features. The values for the Program log detail level parameter are ordered so that each value includes all previous values. For example, the default value of Information means that all information, warning, error, and fatal tracing messages are logged.

To configure the program log detail level
  1. In the FPSP Administrator Console, click Policy Management, and in Global Settings, click Advanced Options.

  2. In the Global Settings - Advanced Options pane, in the Logging Options section, using the Program log detail level drop-down list, select one of the following options:

    • Fatal—Includes only fatal error tracing statements.

    • Error—Includes all fatal error tracing statements, plus a set of statements containing other errors.

    • Warning—Includes all fatal error tracing statements, plus a set of statements containing warnings.

    • Information—Includes all warning, error, and fatal error tracing statements, plus a set of statements containing additional information. This is the default.

    • Verbose—Includes all information, warning, error, and fatal error tracing statements, plus statements containing more information about normal operation.

    • Noise—Includes all possible tracing statements. This results in high levels of "noise" in the tracing log.

  3. Click Save.

Note:
For more information about tracing, see Tracing.
[an error occurred while processing this directive]