Difficulty finding Log/Files
- Thread starter srsust
- Start date
I also had the 4 GB trace.log problem. I figured out that it is the following 'feature' of Windows XP that is causing this problem:
"System Restore"
Turn it off this way:
Start | Control Panel | System
Tab "System Restore"
Flag "Turn off system restore on all drives".
Apply / OK
Reboot
Go to %systemroot%\system32\LogFiles\WMI\
Delete trace.log
And be free again :grinthumb
"System Restore"
Turn it off this way:
Start | Control Panel | System
Tab "System Restore"
Flag "Turn off system restore on all drives".
Apply / OK
Reboot
Go to %systemroot%\system32\LogFiles\WMI\
Delete trace.log
And be free again :grinthumb
poertner_1274
Posts: 3,874 +3
Thanks for the help B@cchuz.
:wave: :wave: Welcome to TechSpot :wave: :wave:
All 3 of you for that matter
:wave: :wave: Welcome to TechSpot :wave: :wave:
All 3 of you for that matter
Fix for your problem!!!
I had the exact same problem, and the fix is quite simple really.
In the windows registry, change the following key:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\GlobalLogger\
Start = 0
For less experienced users they can just double click on the fix.reg file in the attached zip.
Hope this helps everyone experienceing the problem.
I have seen the problem posted on a number of sites, but no one has posted the correct fix yet, so spread the word.
Regards,
Josh J.
I had the exact same problem, and the fix is quite simple really.
In the windows registry, change the following key:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\GlobalLogger\
Start = 0
For less experienced users they can just double click on the fix.reg file in the attached zip.
Hope this helps everyone experienceing the problem.
I have seen the problem posted on a number of sites, but no one has posted the correct fix yet, so spread the word.
Regards,
Josh J.
poertner_1274
Posts: 3,874 +3
Thank you for the information jjarman. I checked the reg file and everything looked in order. If someone who is having htis problem would try this and let us know how it turns out.
Just remember to backup you registry before you do anything to it, so you can always revert back!!!!!!!
Just remember to backup you registry before you do anything to it, so you can always revert back!!!!!!!
Well, this really wasn't the solution for my problem. Ofcourse I also did a search in regedit first to find a key/string containing "WMI", found it, changed the value from 1 to 0, but that didn't work. The trace.log file was still alive and growing.
The only way to stop this was to turn off system restore as described in my earlier posting.
The only way to stop this was to turn off system restore as described in my earlier posting.
I have System Resotre running just fine.
This is a helpful OS feature and there is no need to disable it to resolve this issue.
My WMI\trace.log would grow to 4-5 gigs in under two days.
Changing this key turns of WMI global logging, but you have to reboot, as it is turned on and off after the kernal loads.
So i guess I should have added "reboot" to the instructions:
In the windows registry, change the following key:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contr
ol\WMI\GlobalLogger\
Start = 0
Reboot
Everyone I have run into was able to resolve the problem following my previous instructions.
If after your reboot, the file WMI\trace.log is still locked and growing then you have another set of loggers assigned to the same value.
Perhaps in your specific case, these logs are associated with your System Restore. This is by no means a reason to disable your System Restore.
All you need to do in that case, is run:
TraceLog
(This will list your current active logger sessions. In the following instructions replace "LoggerName" with the name of the logger associated with the NTKernal)
TraceLog -stop LoggerName
TraceLog -disable LoggerName
TraceLog -x
TraceLog -remove GlobalLogger
This should resolve any other growing log file issue.
If for some reason this doesn't work, then you probably have something unique going on and I'd have to see an export of your registry to help further.
Hope this helps.
Regards.
josh
This is a helpful OS feature and there is no need to disable it to resolve this issue.
My WMI\trace.log would grow to 4-5 gigs in under two days.
Changing this key turns of WMI global logging, but you have to reboot, as it is turned on and off after the kernal loads.
So i guess I should have added "reboot" to the instructions:
In the windows registry, change the following key:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contr
ol\WMI\GlobalLogger\
Start = 0
Reboot
Everyone I have run into was able to resolve the problem following my previous instructions.
If after your reboot, the file WMI\trace.log is still locked and growing then you have another set of loggers assigned to the same value.
Perhaps in your specific case, these logs are associated with your System Restore. This is by no means a reason to disable your System Restore.
All you need to do in that case, is run:
TraceLog
(This will list your current active logger sessions. In the following instructions replace "LoggerName" with the name of the logger associated with the NTKernal)
TraceLog -stop LoggerName
TraceLog -disable LoggerName
TraceLog -x
TraceLog -remove GlobalLogger
This should resolve any other growing log file issue.
If for some reason this doesn't work, then you probably have something unique going on and I'd have to see an export of your registry to help further.
Hope this helps.
Regards.
josh
Re. Tracelog & NT Kernel Logger
jjarman:
You're quite correct (and thanks BTW for saving me a sh*tload of time) with your posted registry key to disable gobal logging:
\HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Control\WMI\GlobalLogger\
Start Value = 0
My WMI\trace was growing overnight to fill all but 20mb's of my XP system partition.
It all started with BOOTVIS, and triggered NT Kernel Logger, even after Bootvis had been binned.
All-in-all, this is a little-known pain in the arse.
Thanks for posting sensible, concise advice - that actually works!
jjarman:
You're quite correct (and thanks BTW for saving me a sh*tload of time) with your posted registry key to disable gobal logging:
\HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Control\WMI\GlobalLogger\
Start Value = 0
My WMI\trace was growing overnight to fill all but 20mb's of my XP system partition.
It all started with BOOTVIS, and triggered NT Kernel Logger, even after Bootvis had been binned.
All-in-all, this is a little-known pain in the arse.
Thanks for posting sensible, concise advice - that actually works!
Seems you got lucky with only 4-5 gigs of space. I hit 21gb of log file. Luckily I still had bootvis still on the computer and all it took was just to run it and then stop the tracing. much easier than turning off logging globally but would have done that if bootvis didn't stop it's mess.
A BIG THANK YOU TO EVERYONE!
A BIG THANK YOU TO EVERYONE!
This may be of use to someone - I had this problem with trace.log, and couldn't get Bootvis.exe to solve the problem.
Here is what I did to solve it: - it's worked for me so far:
During boot, press F8 twice to get startup options.
Select safe mode, with command prompt
log -on as administrator
At the prompt, navigate to Windows\system32\logfiles\wmi\trace.log
(you still can't delete the file at this stage.)
use the command "attrib +r trace.log" without the quotes
(this stops windows altering this file anymore, by adding read only)
Restart windows normally
Go to the file in file-manager/explorer
Delete file
Create a new trace.log file (using notepad, and save it in the same directory where you deleted the original)
right click the file, and change attributes to read only
You should now have a file, sized 0 Kb, which can't be changed!
I hope this is helps.
Mark - former DOS user - bring back DOS!
Here is what I did to solve it: - it's worked for me so far:
During boot, press F8 twice to get startup options.
Select safe mode, with command prompt
log -on as administrator
At the prompt, navigate to Windows\system32\logfiles\wmi\trace.log
(you still can't delete the file at this stage.)
use the command "attrib +r trace.log" without the quotes
(this stops windows altering this file anymore, by adding read only)
Restart windows normally
Go to the file in file-manager/explorer
Delete file
Create a new trace.log file (using notepad, and save it in the same directory where you deleted the original)
right click the file, and change attributes to read only
You should now have a file, sized 0 Kb, which can't be changed!
I hope this is helps.
Mark - former DOS user - bring back DOS!
poertner_1274
Posts: 3,874 +3
Wow, that is a neat solution. I never even thought of doing something like that. But the way you explained it makes it seem as if it would work.
I hope this helps people in the future.
Great find Seligkram :grinthumb
I hope this helps people in the future.
Great find Seligkram :grinthumb
StormBringer
Posts: 2,218 +0
umm, check MSKB, I'm not going to look it up. I remember seeing some other threads about a similar situation that may be relavent as well. Use the search feature.
Inflated TRACE.LOG problem, how to fix.
After running the MS Bootvis utility, the file C:\WINDOWS\System32\LogFiles\WMI\trace.log becomes hugely inflated.
The file shrinks on reboting but may rapidly grow to a few gig's in size, to cure the problem run BootVis again and click Trace-->Stop Tracing, the file will now stop growing and may be safely deleted.
After running the MS Bootvis utility, the file C:\WINDOWS\System32\LogFiles\WMI\trace.log becomes hugely inflated.
The file shrinks on reboting but may rapidly grow to a few gig's in size, to cure the problem run BootVis again and click Trace-->Stop Tracing, the file will now stop growing and may be safely deleted.
