Archived from groups: microsoft.public.windowsxp.basics, microsoft.public.windowsxp.help_and_support
Hi Lisa,
I am so glad to hear that you finally nailed it!
🙂
You can't believe how many problems can be fixed by rebooting. After trying
to apply any "fix", if it does not seem to work, reboot. When in doubt,
reboot.
I wonder what started the NT Kernel Logger in the first place? Oh, well.
Keep having fun.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:u8lLi9ErFHA.2212@TK2MSFTNGP15.phx.gbl,
Lisa <0@00000hotmail.com> hunted and pecked:
> Hi Wesley,
>
> Three things;
>
> 1. you are a great man, I really and truly appreciate the time!
>
> 2. WMI Performance Adapter service was disabled already! So, I guess this
> NT kernel logger uses some other service to operate!
>
> 3. tracelog -x works but only for the current session. After re-booting,
> there's the TRACE.LOG file, growing as usual! But the regedit trick works
> after all but you have to reboot to get it to stick. I did not reboot my
> system the first time and that is why the log file was still growing!
>
> Again, thank you so much and have a great night!
>
> Lisa
>
>
> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
> news:%23KXDlEErFHA.528@TK2MSFTNGP09.phx.gbl...
>> Hi Lisa,
>>
>> I have no idea what started NT Kernel Logger. Apparently it logs every
>> dang thing.
>>
>> I have a suspicion.
>>
>> First look at Performance.
>> Start | Run | Type: perfmon.msc | Click OK |
>> Click on Performance Logs and Alerts and look around.
>>
>> OK, I just found this...
>>
>> From Performance HELP:
>>
>> [[Any existing logs will be listed in the details pane. A green icon
>> indicates that a log is running; a red icon indicates that a log has been
>> stopped.]]
>>
>> [[To view or change properties of a log or alert
>> 1. Open Performance.
>> 2. Double-click Performance Logs and Alerts.
>> 3. Click Counter Logs, Trace Logs, or Alerts.
>> 4. In the details pane, double-click the name of the log or alert.
>> 5. View or change the log properties as needed.]]
>>
>> [[To define start or stop parameters for a log or alert
>> 1. Open Performance.
>> 2. Double-click Performance Logs and Alerts, and then click Counter
>> Logs, Trace Logs, or Alerts.
>> 3. In the details pane, double-click the name of the log or alert.
>> 4. Click the Schedule tab.
>> 5. Is for Start, we do not want that.
>> 6. Under Stop log, select one of the following options:
>> To stop the log or alert manually, click Manually. When this option is
>> selected, to stop the log or alert, right-click the log or alert name in
>> the details pane, and click Stop.]]
>>
>> You can disable the WMI Performance Adapter service in Services.
>> Start | Run | Type: services.msc | Click OK |
>> Scroll clear down to and double click WMI Performance Adapter |
>> Click the Stop button | Set the Startup type to Disabled | Click Apply |
>> Click OK | Close Services | Maybe you have to reboot for it to stop and
>> not get started again, I'm not sure. Been too long since I disabled it
>> for me to remember.
>>
>> If the WMI Performance Adapter service is disabled, no Performance
>> logging can take place. I have it disabled. For instance if you open
>> Performance (perfmon.msc), Console1.msc or and click on Performance Logs
>> and Alerts you'll get a message...
>>
>> [[The service cannot be started, either because it is disabled or because
>> it has no enabled devices associated with it.]]
>>
>> If you find that the problem was from Performance, disable the WMI
>> Performance Adapter service so that it can't happen again.
>> -----
>>
>> If nothing above helped, read on.
>>
>> You can type this in a command prompt for help on tracelog.
>>
>> tracelog /?
>>
>> This command will Stop all active trace sessions...
>>
>> tracelog -x
>>
>> I do not know if this command will work, type or paste into a command
>> prompt...
>>
>> tracelog -stop NT Kernel Logger
>>
>> It's worth a shot, if nothing above helped.
>>
>> Same with..
>>
>> tracelog -disable NT Kernel Logger
>>
>> You can read through this, if you want...
>>
>> http://www.techspot.com/vb/all/windows/t-490-Difficulty-finding-LogFiles.html
>>
>> More info...
>>
>> NT Kernel Logger Trace Session
>>
>> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ddtools/hh/ddtools/tracetools_85d66a98-bc80-4dc4-bce8-7bb7618ff5be.xml.asp
>>
>> Start an NT Kernel Logger Trace Session
>>
>> http://msdn.microsoft.com/library/en-us/ddtools/hh/ddtools/tracelog_ead9da62-ba78-4926-8f62-e68d8d6292ba.xml.asp
>>
>> Tracelog Commands
>>
>> http://msdn.microsoft.com/library/en-us/ddtools/hh/ddtools/tracelog_b6beb1b9-7356-4975-8f53-2f2338ae1927.xml.asp
>>
>> I have enough here to keep you busy for a while. ;-)
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:uL9GGZDrFHA.460@TK2MSFTNGP15.phx.gbl,
>> Lisa <0@00000hotmail.com> hunted and pecked:
>>> Hi Again,
>>>
>>> -Done the regedit trick but it did not help! The trace.log file is still
>>> active and it is growing!
>>>
>>> -Did a search for bootvis.exe but it is not on my PC!
>>>
>>> -I installed the Windows Support Tools and run TRACELOG -L and this is
>>> what I am getting. I hope that you can help me out! Thank you very much.
>>>
>>> C:\Documents and Settings\M. Sabra>TRACELOG -L
>>> Logger Name: NT Kernel Logger
>>> Logger Id: 1
>>> Logger Thread Id: 00000064
>>> Buffer Size: 64 Kb
>>> Maximum Buffers: 120
>>> Minimum Buffers: 30
>>> Number of Buffers: 93
>>> Free Buffers: 89
>>> Buffers Written: 4479
>>> Events Lost: 0
>>> Log Buffers Lost: 0
>>> Real Time Buffers Lost: 0
>>> AgeLimit: 15
>>> Log File Mode: Sequential
>>> Enabled tracing: Process Thread Disk File HardFaults ImageLoad
>>> Log Filename: C:\WINDOWS\System32\LogFiles\WMI\trace.log
>>>
>>> C:\Documents and Settings\Lisa>
>>>
>>> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
>>> news:%23Hp9qLDrFHA.2540@TK2MSFTNGP09.phx.gbl...
>>>> Lisa,
>>>>
>>>> TRACELOG is tracelog.exe (WMI Event Trace Logger).
>>>>
>>>> I thought it was part of XP. It isn't, it's part of the Windows
>>>> Support Tools. I apologize. I sometimes forget what came with what
>>>> or where I got it.
>>>>
>>>> All my research shows that this..
>>>> C:\windows\system32\logfiles\wmi\trace.log
>>>> is caused by bootvis.exe.
>>>>
>>>> Open the Registry Editor...
>>>> Start | Run | Type: regedit | Click OK |
>>>> Navigate to >>>
>>>> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\GlobalLogger
>>>> In the right hand pane you may see Start listed under the Name column.
>>>> If you do, and the Data is 1, double click on Start and set the value
>>>> to 0.
>>>>
>>>> Now, just in case, do a Search on your machine for bootvis.exe, if you
>>>> find it, delete it. It isn't malicious, but it can cause problems.
>>>> Bootvis is a Microsoft tool, but MS pulled the downloading of it because
>>>> of the problems the average user has with it.
>>>>
>>>> If you're interested in Windows Support Tools.
>>>>
>>>> Windows Support Tools is on the XP CD.
>>>>
>>>> Drive:\SUPPORT\TOOLS
>>>>
>>>> Along with many useful tools built into the Windows operating system,
>>>> over 40 additional Support Tools are included on the Windows CD.
>>>>
>>>> To install Windows Support Tools
>>>>
>>>> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/tools_howto.mspx
>>>>
>>>> Windows Support Tools
>>>>
>>>> http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/home/using/productdoc/en/tools_overview.asp
>>>>
>>>>
>>>> Windows XP Service Pack 2 Support Tools
>>>>
>>>> http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en
>>>>
>>>> Using the Windows XP support tools
>>>>
>>>> http://support.microsoft.com/default.aspx?scid=%2Fdirectory%2Fworldwide%2Fen-gb%2Futility.asp
>>>>
>>>> Using the Windows XP support tools (Part 2)
>>>>
>>>> http://support.microsoft.com/default.aspx?scid=%2Fdirectory%2Fworldwide%2Fen-gb%2Futility2.asp
>>>>
>>>> Using the Windows XP support tools (Part 3)
>>>>
>>>> http://support.microsoft.com/default.aspx?scid=%2Fdirectory%2Fworldwide%2Fen-gb%2Futility3.asp
>>>>
>>>> --
>>>> Hope this helps. Let us know.
>>>>
>>>> Wes
>>>> MS-MVP Windows Shell/User
>>>>
>>>> In news:emIu3gCrFHA.3596@TK2MSFTNGP15.phx.gbl,
>>>> Lisa <0@00000hotmail.com> hunted and pecked:
>>>>> Hi Wesley,
>>>>>
>>>>> Never used bootvis! Don't even know what it is!
>>>>>
>>>>> When I try to run TRACELOG -L from the command prompt, I get the
>>>>> following; ['TRACELOG' is not recognized as an internal or external
>>>>> command, operable program or batch file.]
>>>>>
>>>>> Thanks!
>>>>>
>>>>> C:\>
>>>>> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
>>>>> news:%23X8uMLArFHA.2880@TK2MSFTNGP12.phx.gbl...
>>>>>> Normal WMI logging logs are found in...
>>>>>> %windir%\system32\wbem\logs
>>>>>> or
>>>>>> C:\WINDOWS\system32\wbem\logs
>>>>>>
>>>>>> You may see a bunch of logs in that folder.
>>>>>>
>>>>>> Did you ever use bootvis.exe?
>>>>>> If yes...
>>>>>>
>>>>>> [[After running the MS Bootvis utility, the file
>>>>>> C:\WINDOWS\System32\LogFiles\WMI\trace.log becomes hugely inflated.
>>>>>>
>>>>>> The file shrinks on rebooting but may rapidly grow to a few gigs in
>>>>>> size, to cure the problem run BootVis again and click Trace-->Stop
>>>>>> Tracing, the file will now stop growing and may be safely deleted.]]
>>>>>> From...
>>>>>>
>>>>>> http://forums.infoprosjoint.net/showthread.php?t=2806
>>>>>>
>>>>>> If that wasn't it, try this, it will List all trace sessions.
>>>>>> Open a command prompt...
>>>>>> Start | Run | Type: cmd | Click OK |
>>>>>> When the command prompt opens type or paste:
>>>>>>
>>>>>> TRACELOG -L
>>>>>>
>>>>>> Hit your Enter key.
>>>>>>
>>>>>> If anything is running a trace it should show up, otherwise it
>>>>>> returns to the prompt.
>>>>>>
>>>>>> --
>>>>>> Hope this helps. Let us know.
>>>>>>
>>>>>> Wes
>>>>>> MS-MVP Windows Shell/User
>>>>>>
>>>>>> In news:%23%23KCks$qFHA.3736@TK2MSFTNGP10.phx.gbl,
>>>>>> Lisa <0@00000hotmail.com> hunted and pecked:
>>>>>>> Hi, Last week I posted here requesting help with my Hard drive
>>>>>>> filling up all the time and needing to restart the PC to reclaim the
>>>>>>> lost space.
>>>>>>> Today, I found out that the WMI log
>>>>>>> (\windows\system32\logfiles\WMI\trace.log) is using all available
>>>>>>> space on that partition, filling the drive. Restarting the system
>>>>>>> causes the log to be reset! What is happening here? Do I really need
>>>>>>> that log? Can I stop it and how? Again, TIA.
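
An added example, not part of the original thread: a small Python parser for the `TRACELOG -L` listing posted above, which flags any trace session writing to a sequential log file and estimates how much it has written. The function names are made up for this example, and the size estimate assumes each written buffer occupies one full buffer-size slot in the file.

```python
import re

# Listing copied from the thread (prompt lines kept, trimmed to the fields used).
SAMPLE = r"""C:\Documents and Settings\M. Sabra>TRACELOG -L
Logger Name: NT Kernel Logger
Logger Id: 1
Buffer Size: 64 Kb
Buffers Written: 4479
Events Lost: 0
Log File Mode: Sequential
Enabled tracing: Process Thread Disk File HardFaults ImageLoad
Log Filename: C:\WINDOWS\System32\LogFiles\WMI\trace.log

C:\Documents and Settings\Lisa>
"""

# "Field Name: value"; names need 2+ characters, so "C:\..." prompt lines are skipped.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]+?)\s*:\s*(.*?)\s*$")

def parse_sessions(text):
    """Split a TRACELOG -L listing into one dict of fields per trace session."""
    sessions = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Logger Name":
            sessions.append({})      # every session block starts with its name
        if sessions:
            sessions[-1][key] = value
    return sessions

def sequential_file_sessions(sessions):
    """Return (name, log file, approx MB written) for sessions that append to
    a sequential log file, the condition behind the growing trace.log here."""
    hits = []
    for s in sessions:
        mode = s.get("Log File Mode", "").lower()
        if s.get("Log Filename") and mode == "sequential":
            # Assumption: file size is roughly buffers written x buffer size (KB).
            kb = int(s["Buffer Size"].split()[0]) * int(s["Buffers Written"])
            hits.append((s["Logger Name"], s["Log Filename"], round(kb / 1024, 1)))
    return hits

if __name__ == "__main__":
    for name, path, mb in sequential_file_sessions(parse_sessions(SAMPLE)):
        print(f"{name}: ~{mb} MB written to {path}")
```
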