Category Archives: Log

logging-1920x1080

log management open source

log management open source

In this article we will discuss about log management open source. How to manage log using powershell. Below are points we will check using powershell.

  • Check what are the diagnostic provider
  • How to disable or enable event log provider
  • ULS log settings or sharepoint 2016 logs location
  • Change ULS log settings or sharepoint 2016 logs location
  • How to find ULS logging level
  • Set ULS log verbose
Advertisements
Advertisements

Check what are the diagnostic provider

we can use the powershell cmdlet “Get-SPDiagnosticsProvider” to check what are the diagnostic provider.

log-management_1589x611

How to disable or enable event log provider

We can run the below to command to disable event log provider that is “job-diagnostics-event-log-provider” provider.

Get-SPDiagnosticsProvider job-diagnostics-event-log-provider | Set-SPDiagnosticsProvider -Enable:$false
Get-SPDiagnosticsProvider job-diagnostics-event-log-provider
job-diagnostics-event-log-provider-1581x277

We can run the below to command to enable event log provider that is “job-diagnostics-event-log-provider” provider

Get-SPDiagnosticsProvider job-diagnostics-event-log-provider | Set-SPDiagnosticsProvider -Enable:$true
Get-SPDiagnosticsProvider job-diagnostics-event-log-provider
enable-job-diagnostics-event-log-provider-1577x268
Advertisements
Advertisements

ULS log settings or sharepoint 2016 logs location

We can run the command “Get-SPDiagnosticConfig” to get ULS  logging settings

Get-SPDiagnosticConfig
Get-SPDiagnosticConfig-1315x687

Change ULS log settings or sharepoint 2016 logs location

we can run the command “Set-SPDiagnosticConfig” to Change ULS log settings or sharepoint 2016 logs location.

PS C:\> Set-SPDiagnosticConfig -DaysToKeepLogs 7 -LogLocation "E:\Logs" -EventLogFloodProtectionEnabled
PS C:\> Get-SPDiagnosticConfig
change-sharepoint-2016-logs-location-1317x712
diagnostic-logging-1255x665
Advertisements
Advertisements

How to find ULS logging level

We can run the command “Get-SPLogLevel” to find ULS logging level.

Get-SPLogLevel -identity "eApproval:*", General, audit, "Business Data"
Get-SPLogLevel-1314x534

Set ULS log verbose

we can set ULS log Verbose and categories by using “Set-SPLogLevel

Set-SPLogLevel -TraceSeverity verbose -EventSeverity verbose -Identity "eApproval:*", General, audit, "Business Data"
Get-SPLogLevel -identity "eApproval:*", General, audit, "Business Data"
Set-SPLogLevel-1317x625

Create new log file

we can create a new log file by running the command below.

New-SPLogFile
new-splogfile-1316x108
Advertisements
Advertisements
Advertisements
Delete cbs.log file its growing large

Delete cbs.log file its growing large

Advertisements
Advertisements

Delete cbs.log file its growing large

This post describes about cbs.log file which is growing large and how you can delete. System File Checker is a utility in Windows that allows users to scan for corruptions in Windows system files and restore corrupted files. Run the System File Checker tool (SFC.exe) to scan your system files and to repair missing or corrupted system files. CBS.Log file is generated by the Microsoft Windows Resource Checker (SFC.exe).

The SFC.exe program writes the details of each verification operation and of each repair operation to the CBS.log file. The CBS.persist.log is generated when the CBS gets to be around 50 meg in size. CBS.log is copied to cbs.persist.log and a new cbs.log file is started.

Solution 1 :

you can try compressing the file:

  1. Right click on the CBS.log file.
  2. Click on Properties.
  3. On the General tab, click Advanced.
  4. Check "Compress contents to save disk space" and click on OK.

Solution 2 :

Another Workaround is to turn off unnecessary services that may calling into CBS;

To disable CBS log, you may change registry key in

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Component
Based Servicing] EnableLog=dword:00000000

In addition,also recommended to run sfc/scannow to check the health of system files.

Solution 3 :

If you are sure your system is running fine, you can delete this file. SFC.exe will create a new one, next time it is run.

Please follow below method to delete:

  1. Stop TrustedInstaller.exe (Windows Module Installer) in Taskmanager Services tab. Additionally if you cannot, open the Taskmanager Processes tab and End Task the same process.
  2. Delete or move all the .log files in the C:\Windows\Logs\CBS directory, you can delete the .persist and .cab files as well.
  3. Start Windows Module Installer service (TrustedInstaller.exe) again
Advertisements
Advertisements

Configure diagnostic logging SharePoint 2016

The SharePoint Server 2016 environment might require configuration of the diagnostic logging settings after initial deployment, after upgrade, and if a change is made to the environment, such as adding or removing a server.

The guidelines in the following list can help you form best practices for the specific environment.

* Change the drive to which the server writes logs:

By default, SharePoint Server 2016 writes diagnostic logs to the same drive and partition on which it was installed. Because diagnostic logging can use a large amount of drive space and compromise drive performance, you should configure SharePoint Server 2016 to write to another drive on which SharePoint Server 2016 is not installed.

You should also consider the connection speed to the drive on which SharePoint Server 2016 writes the logs. If verbose-level logging is configured, the server records a large amount of data. Therefore, a slow connection might result in poor log performance.

* Restrict log disk space usage:

By default, the amount of disk space that diagnostic logging can use is unlimited. Therefore, restrict the disk space that logging uses, especially if you configure logging to write verbose-level events. When the disk reaches the restriction, SharePoint Server 2016 removes the oldest logs before it records new logging data.

* Use the Verbose setting sparingly:

You can configure diagnostic logging to record verbose-level events. This means that SharePoint Server 2016 records every action that it takes. Verbose-level logging can quickly use drive space and affect drive and server performance. You can use verbose-level logging to record more detail when you are making critical changes and then reconfigure logging to record only higher-level events after you make the change.

* Regularly back up logs:

Diagnostic logs contain important data. Therefore, back up the logs regularly to ensure that this data is preserved. When you restrict log drive space usage, or if you keep logs for only a few days, SharePoint Server 2016 automatically deletes log files, starting with the oldest files first, when the threshold is met.

* Enable event log flooding protection:

When you enable this setting, SharePoint Server 2016 detects repeating events in the Windows event log, and suppresses them until conditions return to a typical state.

You can set the level of diagnostic logging for the event log and for the trace log. This limits the types and amount of information that are written to each log.

The following tables define the levels of logging that are available for the event log and trace log.

event-log-levels

trace-log-levels

Configure diagnostic logging by using Central Administration :

  1. In Central Administration, on the home page, click Monitoring.
  2. On the Monitoring page, in the Reporting section, click Configure diagnostic logging.
  3. On the Diagnostic Logging page, in the Event Throttling section, configure event throttling as follows:To configure event throttling for all categories:
    1. Select the All Categories check box.
    2. Select the event log level from the Least critical event to report to the event log list.
    3. Select the trace log level from the Least critical event to report to the trace log list.

    To configure event throttling for one or more categories:

    1. Select the check boxes of the categories that you want.
    2. Select the event log level from the Least critical event to report to the event log list.
    3. Select the trace log level from the Least critical event to report to the trace log list.

    To configure event throttling for one or more subcategories (you can expand one or more categories and select any subcategory):

    1. Click the plus (+) next to the category to expand the category.
    2. Select the check box of the subcategory.
    3. Select the event log level from the Least critical event to report to the event log list.
    4. Select the trace log level from the Least critical event to report to the trace log list.

    To return event throttling for all categories to default settings:

    1. Select the All Categories check box.
    2. Select Reset to default from the Least critical event to report to the event log list.
    3. Select Reset to default from the Least critical event to report to the trace log list.
  4. In the Event Log Flood Protection section, select the Enable Event Log Flood Protection check box.
  5. In the Trace Log section, in the Path box, type the path of the folder to which you want logs to be written.
  6. In the Number of days to store log files box, type the number of days (1-366) that you want logs to be kept. After this time, logs will automatically be deleted.
  7. To restrict the disk space that logs can use, select the Restrict Trace Log disk space usage check box, and then type the number gigabytes (GB) you want to restrict log files to. When logs reach this value, older logs will automatically be deleted.
  8. After you have made the changes that you want on the Diagnostic Logging page, click OK.

Configure diagnostic logging by using Windows PowerShell :

  1. Verify that you have the following memberships:
  • securityadmin fixed server role on the SQL Server instance.
  • db_owner fixed database role on all databases that are to be updated.
  • Administrators group on the server on which you are running the Windows PowerShell cmdlets.

An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint Server 2016 cmdlets.

  1. On the Start menu, click All Programs.
  2. Click SharePoint 2016.
  3. Click SharePoint 2016 Management Shell.
  4. To change the drive to which the server writes logs, at the Windows PowerShell command prompt, type the following command:

Set-SPDiagnosticConfig -LogLocation D:\DiagnosticLogs

  1. To restrict log disk space usage, at the Windows PowerShell command prompt, type the following command:

Set-SPDiagnosticConfig -LogMaxDiskSpaceUsageEnabled

Or assign the maximum disk space for logs:

Set-SPDiagnosticConfig -LogDiskSpaceUsageGB 500

  1. To view the current logging level, at the Windows PowerShell command prompt, type the following command:

Get-SPLogLevel

  1. To change the logging level, at the Windows PowerShell command prompt, type the following command:

Set-SPLogLevel -TraceSeverity Monitorable

To set all categories back to default levels, at the Windows PowerShell command prompt, type the following command, and then press ENTER:

Clear-SPLogLevel

9. To enable event log flooding protection, at the Windows PowerShell command prompt, type the following command:

Set-SPDiagnosticConfig -EventLogFloodProtectionEnabled

SharePoint logging change default location of log file 1920x1080

SharePoint logging change default location of log file

Advertisements
Advertisements

SharePoint logging change default location of log file

By default SharePoint logging is stored it’s usage logs in " C:\Program files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS "

but if a server doesn’t have a large C drive then it is easy to change the location to a larger drive.  Here is how:

  1. Log in to Central Administration.
  2. In the Monitoring section click on Configure usage and health data collection.
  3. Change the path for the logs and the maximum size and then click OK

SharePoint logging

The change takes immediate effect, no services need to be restarted.

Note: the specified location must exist on all servers in the farm

Advertisements
Advertisements