Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

73 lines
3.2 KiB

  1. WMI LOGGING
  2. -----------
  3. I. To start logging
  4. a. for Mup.sys and Dfs.sys
  5. use the tracelog program.
  6. for example:
  7. tracelog -start <SessionName> -f <logFile> -guid <control guid file> -level <level> -flags <flags>
  8. the flags need to be given in decimal form, not hex.
  9. You can start multiple logger session at one time or you can log multiple components at once by including
  10. multiple contols guids in the control guid file.
  11. b. for dfssvc.exe
  12. dfssvc logging is contoled by registry settings
  13. To enable logging in this component set the following keys under
  14. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Tracing\DFS Service\
  15. Active=1
  16. Level = <level>
  17. ControlFlags = <flags>
  18. LogFileName = <logFile>
  19. II. Stop logging
  20. Before looking at the logs, you should stop the log session.
  21. tracelog -stop <SessionName>
  22. III. Dumping the logs
  23. use tracedmp (soemtimes found as tracefmt)
  24. tracedmp -f <logFile> -guid <mof file> -o <outputfile>
  25. IV. Finding the files for logging
  26. a. The logging utilities (tracedmp, tracelog, etc) are part of idw or can be found
  27. in \\scratch\scratch\drewsam\Logging (copy all files from this directory for logging.)
  28. b. The control guid and mof files can be found in the mup, dfs\driver, dfssvc, and dfsm\server diectories.
  29. They are mupwpp.mof, dfswpp.mof, svcwpp.mof, dfsmwpp.mof, mupctrl.guid, dfsctrl.guid, svcctrl.guid
  30. Dfsm and Dfssvc are controled by one guid. These files are also updated in \\scratch\scratch\drewsam\Logging
  31. from time to time. Make sure you have the most up to date files.
  32. V. Flags
  33. The flags used in mup, dfs, and dfssvc are:
  34. DEFAULT 0x0001
  35. TRACE_IRP 0x0004 (not used in dfsvc)
  36. ALL_ERROR 0x2000
  37. ERROR 0x4000
  38. TRACE_IRP - logs that will help track the path of an IRP.
  39. ERROR - logs of errors that occured. These are only actually logged if there was an error.
  40. ALL_ERROR - all error logs, regardless of whether there was an error or not
  41. VI. Level
  42. HIGH 0x1 - only the most important logs
  43. NORM 0x2
  44. LOW 0x4 - all logs
  45. VII. Troubleshooting
  46. a. Problems with logging pointers on ia64. There were many iterations of problems with WMI logging
  47. on ia64. Check that in the mof file all pointers are type ItemPtr and that the format string
  48. uses %n!p! and not %n!08x!
  49. b. A good source to contact with problems is either DrewSam (originally put logging in DFS and MUP)
  50. or IanServ (the guy we got logging from).
  51. ADDING NEW LOGS
  52. ---------------
  53. I. Add logs to source files
  54. Simply add new logs using the logging macros (DFS_TRACE_HIGH, MUP_TRACE_HIGH, etc) to the source code.
  55. II. Run wpp01.exe
  56. From the directory with the modified source run \nt\base\fs\mup\wml\wpp01.exe
  57. This will generate two files: XXXwpp.h, and newXXXwpp.mof
  58. III. Append the mof files
  59. Append the contentes of newXXXwpp.mof to the end of XXXwpp.mof
  60. IV. Copy the MSG_ID's
  61. Copy the lines from XXXwpp.h of the form "#define MSG_ID_*" into XXXwml.h
  62. remove the old MSG_ID defines form XXXwml.h
  63. V. Copy the traceguid
  64. Replace the first trace guid in XXXwml.c with the new trace guid in XXXwpp.h
  65. NOTE: do not replace the control guid!!!
  66. VI. Build
  67. The code should now build fine.