Select trace log providers and events

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To select trace log providers and events

  • Using the Windows interface

  • Using a command line

Using the Windows interface

  1. Open Performance.

  2. Double-click Performance Logs and Alerts, and then click Trace Logs.

  3. In the details pane, double-click the log.

  4. For a list of the installed providers and their status (enabled or not), click Provider Status.

    Only one instance of each trace provider can be enabled at any given time.

    By default, the Nonsystem providers option is selected to keep trace logging overhead to a minimum.

  5. If you click Events logged by system provider, a default provider (the Windows kernel trace provider) is used to monitor processes, threads, and other activity. To define events for logging, click the check boxes as appropriate.

  6. If you click Nonsystem providers, you can select the data providers you want--for example, if you have written your own providers. Use the Add or Remove buttons as needed.

Notes

  • To open Performance, click Start, click Control Panel, double-click Administrative Tools, and then double-click Performance.

  • Trace logging of file details and page faults can generate an extremely large amount of data. It is recommended that you limit trace logging using the file details and page fault options to a maximum of two hours.

  • The Windows kernel trace provider and some other providers require you to run the collection under the authority of an account with administrative credentials. By default, the service runs under the NT Authority\NetworkService account. Use the Run as text box to specify an administrator account to do this.

Using a command line

  1. Open Command Prompt.

  2. Type the appropriate command below:

| Action | Command |
| --- | --- |
| To view each installed provider and its status. | logman query providers |
| To specify that data collected by the system trace provider is logged. | logman update collection_name -P "Windows kernel trace" (process, thread, disk, net, page, file) |
| To specify that data collected by a provider other than the Windows kernel trace provider is logged. | logman update collection_name -P provider |

| Value | Description |
| --- | --- |
| query providers | Queries the providers installed on the local system. |
| update collection_name | Updates the collection query named collection_name. |
| -P "Windows kernel trace" (process, thread, disk, net, page, file) | Specifies "Windows kernel trace" as the provider that collects data for the trace log. Process, thread, disk, net, pf, hf, registry, image, and file are optional events to include in the trace log. Use process to include data on the creation and ending of processes. Use thread to include data on the creation and ending of threads. Use disk to include data on disk input/output operations. Use net to include data on TCP/IP send or receive requests. Use pf to enable soft page fault tracing. Use hf to enable hard page fault tracing. Use registry to include data on registry operations. Use image to include data on the program name for the loaded process. Use file to include file I/O data. |
| -P provider | Specifies the non-system provider that collects data for the trace log. |

For example, to specify that a provider named Nonsystem01 is used to collect data for a trace log named perf_log, type:

logman update perf_log -P Nonsystem01

Notes

  • The Windows kernel trace provider and some other providers require you to run the collection under the authority of an account with administrative credentials. By default, the service runs under the NT Authority\NetworkService account. Use the -u option to specify an account with administrative credentials.

  • To open a command prompt, click Start, point to All Programs, point to Accessories, and then click Command Prompt.

  • To view the complete syntax for this command, at a command prompt, type:

    logman /?
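
The command-line steps above combined into one sequence, as an added example that is not part of the original page. It assumes a trace log named perf_log already exists; the account name CONTOSO\traceadmin is a placeholder, and the -rf (run for a fixed duration) option and the * password prompt are logman features not described on this page.

```bat
@echo off
rem Added example. perf_log is the log name used on this page;
rem CONTOSO\traceadmin is a placeholder for an administrator account.

rem 1. List the installed providers and whether each is enabled.
rem    Only one instance of each provider can be enabled at a time.
logman query providers

rem 2. Select the kernel provider with low-volume events only:
rem    process and thread creation/ending, plus loaded image names.
logman update perf_log -P "Windows kernel trace" (process,thread,image)

rem 3. The kernel provider needs administrative credentials. Passing *
rem    makes logman prompt for the password, so it is not left in the
rem    command line or in a script file.
logman update perf_log -u CONTOSO\traceadmin *

rem 4. Confirm the stored provider, events, and run-as account.
logman query perf_log

rem 5. Start collection.
logman start perf_log

rem --- Time-boxed variant for page fault and file detail tracing ---
rem These events generate very large amounts of data, so cap the run
rem at the recommended two hours with -rf hh:mm:ss (stop perf_log
rem first, then apply these two updates before restarting it):
rem   logman update perf_log -P "Windows kernel trace" (pf,hf,file)
rem   logman update perf_log -rf 02:00:00
```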

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.
