Trace level logging

Applies To: Forefront Client Security

Client Security provides trace logging functionality. With trace logging enabled, actions and results are logged to a file in a location you specify. If you do not specify a path for the location, the results will be logged to a file in your home folder.

To enable trace logging, create the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft Forefront\Client Security\1.0\Diagnostics

After creating the key, add the appropriate registry values from the following table as REG_SZ data types, and then restart the appropriate services.

Value Service or program to restart

PolicyTracing

Client Security console

UpdateAssistantTracing

WSUS Helper Service

SetupAndConfigTracing

Server Setup

UpdateAssistantConfigTracing

Server Setup

EnterpriseManagerTracing

Enterprise Manager and SQL Server stored procedures

The following table lists the possible values for trace logging.

Value Output

Off (0)

No tracing messages

Error (1)

Error messages

Warning (2)

Warning and error messages

Info (3)

Informational, warning, and error messages

Verbose (4)

All tracing messages (not typically used)

When added to the registry path, two additional values control the following:

  • Location of the log filesLogFile is a REG_SZ or REG_EXPAND_SZ data type and controls the location of the trace log files. If LogFile is not present or the value entered is not valid, no logging is enabled.

  • Fields included in the trace logsTraceOutputOptions is a REG_DWORD data type and controls additional fields in the trace logs. If the TraceOutputOptions key is not specified, or the value entered is invalid or unreadable, then the default is to add the DateTime and ProcessID fields. To log all fields in the trace log, enter 0x3F for the value.

    The values for TraceOutputOptions are described in the following table.

Value Name Description

0x0

None

Do not write any extra fields.

0x1

LogicalOperationStack

Write the logical operation stack, which is represented by the return value of the CorrelationManager.LogicalOperationStack property.

0x3

DateTime

Write the date and time.

0x4

Timestamp

Write the time stamp, which is represented by the return value of the System.Diagnostics.Stopwatch.GetTimeStamp() method.

0x8

ProcessID

Write the process identifier, which is represented by the return value of the Process.Id property.

0x10

ThreadID

Write the thread identifier, which is represented by the return value of the Thread.ManagedThreadId property for the current thread.

0x20

Callstack

Write the call stack, which is represented by the return value of the Environment.StackTrace property.