Archived from groups: microsoft.public.windowsxp.basics, microsoft.public.windowsxp.help_and_support
Hi Lisa,
I am so glad to hear that you finally nailed it!
You can't believe how many problems can be fixed by rebooting. After trying
to apply any "fix", if it does not seem to work, reboot. When in doubt,
reboot.
I wonder what started the NT Kernel Logger in the first place? Oh, well.
Keep having fun.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:u8lLi9ErFHA.2212@TK2MSFTNGP15.phx.gbl,
Lisa <0@00000hotmail.com> hunted and pecked:
> Hi Wesley,
>
> Three things;
>
> 1. you are a great man, I really and truly appreciate the time!
>
> 2. WMI Performance Adapter service was disabled already! So, I guess this
> NT kernel logger uses some other service to operate!
>
> 3. tracelog -x works but only for the current session. After re-booting,
> there's the TRACE.LOG file, growing as usual! But the regedit trick works
> after all but you have to reboot to get it to stick. I did not reboot my
> system the first time and that is why the log file was still growing!
>
> Again, thank you so much and have a great night!
>
> Lisa
>
>
> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
> news:%23KXDlEErFHA.528@TK2MSFTNGP09.phx.gbl...
>> Hi Lisa,
>>
>> I have no idea what started NT Kernel Logger. Apparently it logs every
>> dang thing.
>>
>> I have a suspicion.
>>
>> First look at Performance.
>> Start | Run | Type: perfmon.msc | Click OK |
>> Click on Performance Logs and Alerts and look around.
>>
>> OK, I just found this...
>>
>> From Performance HELP:
>>
>> [[Any existing logs will be listed in the details pane. A green icon
>> indicates that a log is running; a red icon indicates that a log has been
>> stopped.]]
>>
>> [[To view or change properties of a log or alert
>> 1. Open Performance.
>> 2. Double-click Performance Logs and Alerts.
>> 3. Click Counter Logs, Trace Logs, or Alerts.
>> 4. In the details pane, double-click the name of the log or alert.
>> 5. View or change the log properties as needed.]]
>>
>> [[To define start or stop parameters for a log or alert
>> 1. Open Performance.
>> 2. Double-click Performance Logs and Alerts, and then click Counter
>> Logs, Trace Logs, or Alerts.
>> 3. In the details pane, double-click the name of the log or alert.
>> 4. Click the Schedule tab.
>> 5. Is for Start, we do not want that.
>> 6. Under Stop log, select one of the following options:
>> To stop the log or alert manually, click Manually. When this option is
>> selected, to stop the log or alert, right-click the log or alert name in
>> the details pane, and click Stop.]]
>>
>> You can disable the WMI Performance Adapter service in Services.
>> Start | Run | Type: services.msc | Click OK |
>> Scroll clear down to and double click WMI Performance Adapter |
>> Click the Stop button | Set the Startup type to Disabled | Click Apply |
>> Click OK | Close Services | Maybe you have to reboot for it to stop and not
>> get started again, I'm not sure. Been too long since I disabled it for me to
>> remember.
>>
>> If the WMI Performance Adapter service is disabled, no Performance
>> logging can take place. I have it disabled. For instance if you open
>> Performance
>> (perfmon.msc), Console1.msc or and click on Performance Logs and Alerts
>> you'll get a message...
>>
>> [[The service cannot be started, either because it is disabled or because
>> it has no enabled devices associated with it.]]
>>
>> If you find that the problem was from Performance, disable the WMI
>> Performance Adapter service so that it can't happen again.
>> -----
>>
>> If nothing above helped, read on.
>>
>> You can type this in a command prompt for help on tracelog.
>>
>> tracelog /?
>>
>> This command will Stop all active trace sessions...
>>
>> tracelog -x
>>
>> I do not know if this command will work, type or paste into a command
>> prompt...
>>
>> tracelog -stop NT Kernel Logger
>>
>> It's worth a shot, if nothing above helped.
>>
>> Same with..
>>
>> tracelog -disable NT Kernel Logger
>>
>> You can read through this, if you want...
>>
>> http://www.techspot.com/vb/all/windows/t-490-Difficulty-finding-LogFiles.html
>>
>> More info...
>>
>> NT Kernel Logger Trace Session
>>
>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ddtools/hh/ddtools/tracetools_85d66a98-bc80-4dc4-bce8-7bb7618ff5be.xml.asp
>>
>> Start an NT Kernel Logger Trace Session
>>
>> http://msdn.microsoft.com/library/en-us/ddtools/hh/ddtools/tracelog_ead9da62-ba78-4926-8f62-e68d8d6292ba.xml.asp
>>
>> Tracelog Commands
>>
>> http://msdn.microsoft.com/library/en-us/ddtools/hh/ddtools/tracelog_b6beb1b9-7356-4975-8f53-2f2338ae1927.xml.asp
>>
>> I have enough here to keep you busy for a while. ;-)
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:uL9GGZDrFHA.460@TK2MSFTNGP15.phx.gbl,
>> Lisa <0@00000hotmail.com> hunted and pecked:
>>> Hi Again,
>>>
>>> -Done the regedit trick but it did not help! The trace.log file is still
>>> active and it is growing!
>>>
>>> -Did a search for bootvis.exe but it is not on my PC!
>>>
>>> -I installed the Windows Support Tools and ran TRACELOG -L and this is
>>> what I am getting. I hope that you can help me out! Thank you very much.
>>>
>>> C:\Documents and Settings\M. Sabra>TRACELOG -L
>>> Logger Name: NT Kernel Logger
>>> Logger Id: 1
>>> Logger Thread Id: 00000064
>>> Buffer Size: 64 Kb
>>> Maximum Buffers: 120
>>> Minimum Buffers: 30
>>> Number of Buffers: 93
>>> Free Buffers: 89
>>> Buffers Written: 4479
>>> Events Lost: 0
>>> Log Buffers Lost: 0
>>> Real Time Buffers Lost: 0
>>> AgeLimit: 15
>>> Log File Mode: Sequential
>>> Enabled tracing: Process Thread Disk File HardFaults ImageLoad
>>> Log Filename: C:\WINDOWS\System32\LogFiles\WMI\trace.log
>>>
>>> C:\Documents and Settings\Lisa>
>>>
>>> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
>>> news:%23Hp9qLDrFHA.2540@TK2MSFTNGP09.phx.gbl...
>>>> Lisa,
>>>>
>>>> TRACELOG is tracelog.exe (WMI Event Trace Logger).
>>>>
>>>> I thought it was part of XP. It isn't, it's part of the Windows
>>>> Support Tools. I apologize. I sometimes forget what came with what
>>>> or where I got it.
>>>>
>>>> All my research shows that this..
>>>> C:\windows\system32\logfiles\wmi\trace.log
>>>> is caused by bootvis.exe.
>>>>
>>>> Open the Registry Editor...
>>>> Start | Run | Type: regedit | Click OK |
>>>> Navigate to >>>
>>>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\GlobalLogger
>>>> In the right hand pane you may see Start listed under the Name column.
>>>> If you do, and the Data is 1, double click on Start and set the value
>>>> to 0.
>>>>
>>>> Now, just in case, do a Search on your machine for bootvis.exe, if you
>>>> find it, delete it. It isn't malicious, but it can cause problems. Bootvis
>>>> is a Microsoft tool, but MS pulled the downloading of it because of the
>>>> problems the average user has with it.
>>>>
>>>> If you're interested in Windows Support Tools.
>>>>
>>>> Windows Support Tools is on the XP CD.
>>>>
>>>> Drive:\SUPPORT\TOOLS
>>>>
>>>> Along with many useful tools built into the Windows operating system,
>>>> over 40 additional Support Tools are included on the Windows CD.
>>>>
>>>> To install Windows Support Tools
>>>>
>>>> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/tools_howto.mspx
>>>>
>>>> Windows Support Tools
>>>>
>>>> http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/tools_overview.asp
>>>>
>>>>
>>>> Windows XP Service Pack 2 Support Tools
>>>>
>>>> http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en
>>>>
>>>> Using the Windows XP support tools
>>>>
>>>> http://support.microsoft.com/default.aspx?scid=%2Fdirectory%2Fworldwide%2Fen-gb%2Futility.asp
>>>>
>>>> Using the Windows XP support tools (Part 2)
>>>>
>>>> http://support.microsoft.com/default.aspx?scid=%2Fdirectory%2Fworldwide%2Fen-gb%2Futility2.asp
>>>>
>>>> Using the Windows XP support tools (Part 3)
>>>>
>>>> http://support.microsoft.com/default.aspx?scid=%2Fdirectory%2Fworldwide%2Fen-gb%2Futility3.asp
>>>>
>>>> --
>>>> Hope this helps. Let us know.
>>>>
>>>> Wes
>>>> MS-MVP Windows Shell/User
>>>>
>>>> In news:emIu3gCrFHA.3596@TK2MSFTNGP15.phx.gbl,
>>>> Lisa <0@00000hotmail.com> hunted and pecked:
>>>>> Hi Wesley,
>>>>>
>>>>> Never used bootvis! Don't even know what it is!
>>>>>
>>>>> When I try to run TRACELOG -L from the command prompt, I get the
>>>>> following; ['TRACELOG' is not recognized as an internal or external
>>>>> command, operable program or batch file.]
>>>>>
>>>>> Thanks!
>>>>>
>>>>> C:\>
>>>>> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
>>>>> news:%23X8uMLArFHA.2880@TK2MSFTNGP12.phx.gbl...
>>>>>> Normal WMI logging logs are found in...
>>>>>> %windir%\system32\wbem\logs
>>>>>> or
>>>>>> C:\WINDOWS\system32\wbem\logs
>>>>>>
>>>>>> You may see a bunch of logs in that folder.
>>>>>>
>>>>>> Did you ever use bootvis.exe?
>>>>>> If yes...
>>>>>>
>>>>>> [[After running the MS Bootvis utility, the file
>>>>>> C:\WINDOWS\System32\LogFiles\WMI\trace.log becomes hugely inflated.
>>>>>>
>>>>>> The file shrinks on rebooting but may rapidly grow to a few gig's in
>>>>>> size, to cure the problem run BootVis again and click Trace-->Stop
>>>>>> Tracing, the file will now stop growing and may be safely deleted.]]
>>>>>> From...
>>>>>>
>>>>>> http://forums.infoprosjoint.net/showthread.php?t=2806
>>>>>>
>>>>>> If that wasn't it, try this, it will List all trace sessions.
>>>>>> Open a command prompt...
>>>>>> Start | Run | Type: cmd | Click OK |
>>>>>> When the command prompt opens type or paste:
>>>>>>
>>>>>> TRACELOG -L
>>>>>>
>>>>>> Hit your Enter key.
>>>>>>
>>>>>> If anything is running a trace it should show up, otherwise it
>>>>>> returns to the prompt.
>>>>>>
>>>>>> --
>>>>>> Hope this helps. Let us know.
>>>>>>
>>>>>> Wes
>>>>>> MS-MVP Windows Shell/User
>>>>>>
>>>>>> In news:%23%23KCks$qFHA.3736@TK2MSFTNGP10.phx.gbl,
>>>>>> Lisa <0@00000hotmail.com> hunted and pecked:
>>>>>>> Hi, Last week I posted here requesting help with my Hard drive
>>>>>>> filling up all the time and needing to restart the PC to reclaim the
>>>>>>> lost space.
>>>>>>> Today, I found out that the WMI log
>>>>>>> (\windows\system32\logfiles\WMI\trace.log) is using all available
>>>>>>> space on that partition, filling the drive. Restarting the system
>>>>>>> causes the log to be reset! What is happening here? Do I really need
>>>>>>> that log? Can I stop it and how? Again, TIA.
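
An added triage example, not part of the original thread and not Microsoft's tooling: it parses the `tracelog -l` output Lisa posted and reports which session is writing to a file, which kernel flags are enabled, and roughly how much data it has written. The function names are hypothetical, and the size estimate assumes every written buffer reaches the file at its full 64 KB size.

```python
import re

# `tracelog -l` output copied from the thread above.
SAMPLE = r"""Logger Name: NT Kernel Logger
Logger Id: 1
Logger Thread Id: 00000064
Buffer Size: 64 Kb
Maximum Buffers: 120
Minimum Buffers: 30
Number of Buffers: 93
Free Buffers: 89
Buffers Written: 4479
Events Lost: 0
Log Buffers Lost: 0
Real Time Buffers Lost: 0
AgeLimit: 15
Log File Mode: Sequential
Enabled tracing: Process Thread Disk File HardFaults ImageLoad
Log Filename: C:\WINDOWS\System32\LogFiles\WMI\trace.log"""

# "Key: value" lines only; a one-letter key such as the "C:\...>" prompt is skipped.
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]+):\s*(.*)$")

def parse_sessions(text):
    """Split tracelog -l output into one dict per 'Logger Name' block."""
    sessions = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Logger Name":
            sessions.append({})
        if sessions:
            sessions[-1][key] = value
    return sessions

def summarize(s):
    """Reduce one session to the fields that matter for a disk-fill triage."""
    kb = int(re.match(r"\d+", s.get("Buffer Size", "0")).group())
    written = int(s.get("Buffers Written", "0"))
    return {
        "name": s.get("Logger Name"),
        "log_file": s.get("Log Filename"),
        "flags": s.get("Enabled tracing", "").split(),
        # Assumption: each written buffer is flushed to the file at full size.
        "approx_bytes": kb * 1024 * written,
        "sequential_file": bool(s.get("Log Filename")) and s.get("Log File Mode") == "Sequential",
    }

if __name__ == "__main__":
    for s in map(summarize, parse_sessions(SAMPLE)):
        print(f"{s['name']}: {s['log_file']} ~{s['approx_bytes'] / 2**20:.0f} MiB, flags={s['flags']}")
```

A session reported here as file-backed and sequential is the one to stop; as the thread found, stopping it with `tracelog -x` lasts only until the next boot unless the GlobalLogger `Start` value is also set to 0.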