You can configure the following logging options for Microsoft Forefront Protection 2010 for SharePoint (FPSP):
Enabling or disabling incidents logging
You can enable or disable incidents logging for each scan job type (realtime, scheduled, on-demand). Enabling incidents logging allows you to track the performance of FPSP more efficiently. However, disabling incidents logging can save you disk space if your resources are limited, provided that you also disable quarantining for that scan job. (If you disable incidents logging for a scan job but quarantining remains enabled, the incident is still written to the database so that FPSP can quarantine the item. However, the item is not displayed in the Incidents pane.)
To enable or disable incident logging options-
In the Forefront Protection 2010 for SharePoint Administrator Console, click Policy Management, and in Global Settings, click Advanced Options.
-
In the Global Settings - Advanced Options pane, in the Logging options section, using the check boxes, disable or enable the following incident logging options:
- Enable realtime incident
logging—Specifies whether FPSP should enable incident logging
for the realtime scan job. By default, realtime incident logging is
enabled. To disable the logging of incidents detected during
realtime scanning, clear the check box.
- Enable scheduled incident
logging—Specifies whether FPSP should enable incident logging
for the scheduled scan job. By default, scheduled incident logging
is enabled. To disable the logging of incidents detected during
scheduled scanning, clear the check box.
- Enable on-demand incident
logging—Specifies whether FPSP should enable incident logging
for the on-demand scan job. By default, on-demand incident logging
is enabled. To disable the logging of incidents detected during
on-demand scanning, clear the check box.
- Enable realtime incident
logging—Specifies whether FPSP should enable incident logging
for the realtime scan job. By default, realtime incident logging is
enabled. To disable the logging of incidents detected during
realtime scanning, clear the check box.
-
Click Save.
 Note: |
|---|
| For more information about incidents, see Viewing and managing incidents. |
Enabling or disabling writing to the event log
You can enable or disable the writing of events to the event log. You can separately enable or disable event logging for incidents, engines, and operations. By default, event logging is enabled for all events.
| Note: |
|---|
| For more information about viewing the event log by accessing Windows Event Viewer, see Using Windows Event Viewer. |
-
In the FPSP Administrator Console, click Policy Management, and in Global Settings, click Advanced Options.
-
In the Global Settings - Advanced Options pane, in the Logging Options section, you can select or clear the Enable event logging check box. When checked (the default), you can use the associated check boxes to enable or disable the following options (which are enabled by default):
- Incidents - Enables or disables event
logging for incidents.
- Engines - Enables or disables event
logging for engines.
- Operational - Enables or disables
event logging for for all other events, such as system information
and health events.
When the Enable event logging check box is cleared, incidents logging is suspended for incidents, engines, and operational events.
- Incidents - Enables or disables event
logging for incidents.
-
Click Save.
| Note: |
|---|
| You must restart the FPSP services in order for any changes to these settings to take effect. |
Enabling or disabling performance counter logging
You can enable or disable the logging of performance counters that can be viewed in Windows Performance Monitor.
To enable or disable performance counter logging-
In the FPSP Administrator Console, click Policy Management, and in Global Settings, click Advanced Options.
-
In the Global Settings - Advanced Options pane, in the Logging Options section, select (to enable) or clear (to disable) the Enable performance counters check box, and then click Save. By default, performance counters logging is enabled.
| Note: |
|---|
| For more information about using Windows Performance Monitor with FPSP, see Using Windows Performance Monitor. |
Configuring the program log detail level
You can configure the level of program log details to include from enabled tracing features. The values for the Program log detail level parameter are ordered so that each value includes all previous values. For example, the default value of Information means that all information, warning, error, and fatal tracing messages are logged.
To configure the program log detail level-
In the FPSP Administrator Console, click Policy Management, and in Global Settings, click Advanced Options.
-
In the Global Settings - Advanced Options pane, in the Logging Options section, using the Program log detail level drop-down list, select one of the following options:
- Fatal—Includes only fatal error
tracing statements.
- Error—Includes all fatal error tracing
statements, plus a set of statements containing other errors.
- Warning—Includes all fatal error
tracing statements, plus a set of statements containing
warnings.
- Information—Includes all warning,
error, and fatal error tracing statements, plus a set of statements
containing additional information. This is the default.
- Verbose—Includes all information,
warning, error, and fatal error tracing statements, plus statements
containing more information about normal operation.
- Noise—Includes all possible tracing
statements. This results in high levels of "noise" in the tracing
log.
- Fatal—Includes only fatal error
tracing statements.
-
Click Save.
| Note: |
|---|
| For more information about tracing, see Tracing. |