WMI trace log

[Guest]

Have a log file located at:
C:\WINDOWS\SYSTEM32\LogFiles\WMI\trace.log
It keeps on filling up and have no idea how it gets started
but sure want to stop the dang thing from tracing so much
of whatever it is tracing. After maybe 3 hours on computer,
and not running any scripts (that I'm aware of), that file is
4G+ and keeps growing until after about 9-10 hours of having
computer turned on, it is at 43Gig+ in size!

Any help would be greatly appreciated.

Just hate rebooting computer when it doesn't have any problem
except using up my available disk space?

Signed - a frustrated gofer!

 

[Michael W. Ryder]

Have a log file located at:
C:\WINDOWS\SYSTEM32\LogFiles\WMI\trace.log
It keeps on filling up and have no idea how it gets started
but sure want to stop the dang thing from tracing so much
of whatever it is tracing. After maybe 3 hours on computer,
and not running any scripts (that I'm aware of), that file is
4G+ and keeps growing until after about 9-10 hours of having
computer turned on, it is at 43Gig+ in size!

Any help would be greatly appreciated.

Just hate rebooting computer when it doesn't have any problem
except using up my available disk space?

Signed - a frustrated gofer!

Does this fix your problem http://www.tweakxp.com/article37538.aspx ?
I found it after a couple of minutes using Google and the search 'wmi
and trace.log'. There are several Microsoft pages in the search that
also reference the WMI and the trace.log that it creates.

 

[Wesley Vogel]

Did you ever use bootvis.exe?
If yes...

[[After running the MS Bootvis utility, the file
C:\WINDOWS\System32\LogFiles\WMI\trace.log becomes hugely inflated.

The file shrinks on rebooting but may rapidly grow to a few gig's in size,
to cure the problem run BootVis again and click Trace-->Stop Tracing, the
file will now stop growing and may be safely deleted.]]
From...
http://forums.infoprosjoint.net/showthread.php?t=2806

If bootvis.exe isn't guilty.

%windir%\system32\logfiles\WMI\trace.log

Open the Registry Editor...
Start | Run | Type: regedit | Click OK |
Navigate to >>>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\GlobalLogger
In the right hand pane you may see Start listed under the Name column.
If you do, and the Data is 1, double click on Start and set the value to 0.

Reboot your machine. Check the setting in the above registry key to see
that it's still set to 0.

Navigate to %windir%\system32\logfiles\WMI and delete trace.log.
-----

look at Performance.
Start | Run | Type: perfmon.msc | Click OK |
Click on Performance Logs and Alerts and look around.

From Performance HELP:

[[Any existing logs will be listed in the details pane. A green icon
indicates that a log is running; a red icon indicates that a log has been
stopped.]]

[[To view or change properties of a log or alert
1. Open Performance.
2. Double-click Performance Logs and Alerts.
3. Click Counter Logs, Trace Logs, or Alerts.
4. In the details pane, double-click the name of the log or alert.
5. View or change the log properties as needed.]]

[[To define start or stop parameters for a log or alert
1. Open Performance.
2. Double-click Performance Logs and Alerts, and then click Counter Logs,
Trace Logs, or Alerts.
3. In the details pane, double-click the name of the log or alert.
4. Click the Schedule tab.
5. Is for Start, we do not want that.
6. Under Stop log, select one of the following options:
To stop the log or alert manually, click Manually. When this option is
selected, to stop the log or alert, right-click the log or alert name in the
details pane, and click Stop.]]

You can disable the WMI Performance Adapter service in Services.
Start | Run | Type: services.msc | Click OK |
Scroll clear down to and double click WMI Performance Adapter |
Click the Stop button | Set the Startup type to Disabled | Click Apply |
Click OK | Close Services | Maybe you have to reboot for it to stop and not
get started again, I'm not sure. Been to long since I disabled it for me to
remember.

If the WMI Performance Adapter service is disabled, no Performance logging
can take place. I have it disabled. For instance if you open Performance
(perfmon.msc), Console1.msc or and click on Performance Logs and Alerts
you'll get a message...

[[The service cannot be started, either because it is disabled or because it
has no enabled devices associated with it.]]

If you find that the problem was from Performance, disable the WMI
Performance Adapter service so that it can't happen again.
-----

TRACELOG is tracelog.exe (WMI Event Trace Logger).
tracelog.exe is part of Windows Support Tools.

Open a command prompt...
Start | Run | Type: cmd | Click OK |
When the command prompt opens type or paste:

TRACELOG -L

Hit your Enter key.

If anything is running a trace it should show up, otherwise it returns to
the prompt.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

Wes -

Thank you very much. That information was more than I could have
ever hoped to have received. Worked like a champ!!!!

Again, thank you very much.

This world needs more people just like you!

Gofermatch

Did you ever use bootvis.exe?
If yes...

[[After running the MS Bootvis utility, the file
C:\WINDOWS\System32\LogFiles\WMI\trace.log becomes hugely inflated.

The file shrinks on rebooting but may rapidly grow to a few gig's in size,
to cure the problem run BootVis again and click Trace-->Stop Tracing, the
file will now stop growing and may be safely deleted.]]
From...
http://forums.infoprosjoint.net/showthread.php?t=2806

If bootvis.exe isn't guilty.

%windir%\system32\logfiles\WMI\trace.log

Open the Registry Editor...
Start | Run | Type: regedit | Click OK |
Navigate to >>>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\GlobalLogger
In the right hand pane you may see Start listed under the Name column.
If you do, and the Data is 1, double click on Start and set the value to 0.

Reboot your machine. Check the setting in the above registry key to see
that it's still set to 0.

Navigate to %windir%\system32\logfiles\WMI and delete trace.log.
-----

look at Performance.
Start | Run | Type: perfmon.msc | Click OK |
Click on Performance Logs and Alerts and look around.

From Performance HELP:

[[Any existing logs will be listed in the details pane. A green icon
indicates that a log is running; a red icon indicates that a log has been
stopped.]]

[[To view or change properties of a log or alert
1. Open Performance.
2. Double-click Performance Logs and Alerts.
3. Click Counter Logs, Trace Logs, or Alerts.
4. In the details pane, double-click the name of the log or alert.
5. View or change the log properties as needed.]]

[[To define start or stop parameters for a log or alert
1. Open Performance.
2. Double-click Performance Logs and Alerts, and then click Counter Logs,
Trace Logs, or Alerts.
3. In the details pane, double-click the name of the log or alert.
4. Click the Schedule tab.
5. Is for Start, we do not want that.
6. Under Stop log, select one of the following options:
To stop the log or alert manually, click Manually. When this option is
selected, to stop the log or alert, right-click the log or alert name in the
details pane, and click Stop.]]

You can disable the WMI Performance Adapter service in Services.
Start | Run | Type: services.msc | Click OK |
Scroll clear down to and double click WMI Performance Adapter |
Click the Stop button | Set the Startup type to Disabled | Click Apply |
Click OK | Close Services | Maybe you have to reboot for it to stop and not
get started again, I'm not sure. Been to long since I disabled it for me to
remember.

If the WMI Performance Adapter service is disabled, no Performance logging
can take place. I have it disabled. For instance if you open Performance
(perfmon.msc), Console1.msc or and click on Performance Logs and Alerts
you'll get a message...

[[The service cannot be started, either because it is disabled or because it
has no enabled devices associated with it.]]

If you find that the problem was from Performance, disable the WMI
Performance Adapter service so that it can't happen again.
-----

TRACELOG is tracelog.exe (WMI Event Trace Logger).
tracelog.exe is part of Windows Support Tools.

Open a command prompt...
Start | Run | Type: cmd | Click OK |
When the command prompt opens type or paste:

TRACELOG -L

Hit your Enter key.

If anything is running a trace it should show up, otherwise it returns to
the prompt.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Have a log file located at:
C:\WINDOWS\SYSTEM32\LogFiles\WMI\trace.log
It keeps on filling up and have no idea how it gets started
but sure want to stop the dang thing from tracing so much
of whatever it is tracing. After maybe 3 hours on computer,
and not running any scripts (that I'm aware of), that file is
4G+ and keeps growing until after about 9-10 hours of having
computer turned on, it is at 43Gig+ in size!

Any help would be greatly appreciated.

Just hate rebooting computer when it doesn't have any problem
except using up my available disk space?

Signed - a frustrated gofer!

 

[Wesley Vogel]

Gofermatch,

What was the cause and the fix?

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Wes -

Thank you very much. That information was more than I could have
ever hoped to have received. Worked like a champ!!!!

Again, thank you very much.

This world needs more people just like you!

Gofermatch

Did you ever use bootvis.exe?
If yes...

[[After running the MS Bootvis utility, the file
C:\WINDOWS\System32\LogFiles\WMI\trace.log becomes hugely inflated.

The file shrinks on rebooting but may rapidly grow to a few gig's in
size, to cure the problem run BootVis again and click Trace-->Stop
Tracing, the file will now stop growing and may be safely deleted.]]
From...
http://forums.infoprosjoint.net/showthread.php?t=2806

If bootvis.exe isn't guilty.

%windir%\system32\logfiles\WMI\trace.log

Open the Registry Editor...
Start | Run | Type: regedit | Click OK |
Navigate to >>>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\GlobalLogger
In the right hand pane you may see Start listed under the Name column.
If you do, and the Data is 1, double click on Start and set the value to
0.

Reboot your machine. Check the setting in the above registry key to see
that it's still set to 0.

Navigate to %windir%\system32\logfiles\WMI and delete trace.log.
-----

look at Performance.
Start | Run | Type: perfmon.msc | Click OK |
Click on Performance Logs and Alerts and look around.

From Performance HELP:

[[Any existing logs will be listed in the details pane. A green icon
indicates that a log is running; a red icon indicates that a log has been
stopped.]]

[[To view or change properties of a log or alert
1. Open Performance.
2. Double-click Performance Logs and Alerts.
3. Click Counter Logs, Trace Logs, or Alerts.
4. In the details pane, double-click the name of the log or alert.
5. View or change the log properties as needed.]]

[[To define start or stop parameters for a log or alert
1. Open Performance.
2. Double-click Performance Logs and Alerts, and then click Counter
Logs, Trace Logs, or Alerts.
3. In the details pane, double-click the name of the log or alert.
4. Click the Schedule tab.
5. Is for Start, we do not want that.
6. Under Stop log, select one of the following options:
To stop the log or alert manually, click Manually. When this option is
selected, to stop the log or alert, right-click the log or alert name in
the details pane, and click Stop.]]

You can disable the WMI Performance Adapter service in Services.
Start | Run | Type: services.msc | Click OK |
Scroll clear down to and double click WMI Performance Adapter |
Click the Stop button | Set the Startup type to Disabled | Click Apply |
Click OK | Close Services | Maybe you have to reboot for it to stop and
not get started again, I'm not sure. Been to long since I disabled it
for me to remember.

If the WMI Performance Adapter service is disabled, no Performance
logging can take place. I have it disabled. For instance if you open
Performance (perfmon.msc), Console1.msc or and click on Performance Logs
and Alerts you'll get a message...

[[The service cannot be started, either because it is disabled or
because it has no enabled devices associated with it.]]

If you find that the problem was from Performance, disable the WMI
Performance Adapter service so that it can't happen again.
-----

TRACELOG is tracelog.exe (WMI Event Trace Logger).
tracelog.exe is part of Windows Support Tools.

Open a command prompt...
Start | Run | Type: cmd | Click OK |
When the command prompt opens type or paste:

TRACELOG -L

Hit your Enter key.

If anything is running a trace it should show up, otherwise it returns to
the prompt.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Have a log file located at:
C:\WINDOWS\SYSTEM32\LogFiles\WMI\trace.log
It keeps on filling up and have no idea how it gets started
but sure want to stop the dang thing from tracing so much
of whatever it is tracing. After maybe 3 hours on computer,
and not running any scripts (that I'm aware of), that file is
4G+ and keeps growing until after about 9-10 hours of having
computer turned on, it is at 43Gig+ in size!

Any help would be greatly appreciated.

Just hate rebooting computer when it doesn't have any problem
except using up my available disk space?

Signed - a frustrated gofer!

 

[Guest]

It was the registery entry for WMI/globalLogger being set to "1"; changed to
"0"; rebooted and was able to delete trace.log.

Thanks again for your help...was straightforward with great detail as to
possible solutions.

George

Gofermatch,

What was the cause and the fix?

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Wes -

Thank you very much. That information was more than I could have
ever hoped to have received. Worked like a champ!!!!

Again, thank you very much.

This world needs more people just like you!

Gofermatch

Did you ever use bootvis.exe?
If yes...

[[After running the MS Bootvis utility, the file
C:\WINDOWS\System32\LogFiles\WMI\trace.log becomes hugely inflated.

The file shrinks on rebooting but may rapidly grow to a few gig's in
size, to cure the problem run BootVis again and click Trace-->Stop
Tracing, the file will now stop growing and may be safely deleted.]]
From...
http://forums.infoprosjoint.net/showthread.php?t=2806

If bootvis.exe isn't guilty.

%windir%\system32\logfiles\WMI\trace.log

Open the Registry Editor...
Start | Run | Type: regedit | Click OK |
Navigate to >>>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\GlobalLogger
In the right hand pane you may see Start listed under the Name column.
If you do, and the Data is 1, double click on Start and set the value to
0.

Reboot your machine. Check the setting in the above registry key to see
that it's still set to 0.

Navigate to %windir%\system32\logfiles\WMI and delete trace.log.
-----

look at Performance.
Start | Run | Type: perfmon.msc | Click OK |
Click on Performance Logs and Alerts and look around.

From Performance HELP:

[[Any existing logs will be listed in the details pane. A green icon
indicates that a log is running; a red icon indicates that a log has been
stopped.]]

[[To view or change properties of a log or alert
1. Open Performance.
2. Double-click Performance Logs and Alerts.
3. Click Counter Logs, Trace Logs, or Alerts.
4. In the details pane, double-click the name of the log or alert.
5. View or change the log properties as needed.]]

[[To define start or stop parameters for a log or alert
1. Open Performance.
2. Double-click Performance Logs and Alerts, and then click Counter
Logs, Trace Logs, or Alerts.
3. In the details pane, double-click the name of the log or alert.
4. Click the Schedule tab.
5. Is for Start, we do not want that.
6. Under Stop log, select one of the following options:
To stop the log or alert manually, click Manually. When this option is
selected, to stop the log or alert, right-click the log or alert name in
the details pane, and click Stop.]]

You can disable the WMI Performance Adapter service in Services.
Start | Run | Type: services.msc | Click OK |
Scroll clear down to and double click WMI Performance Adapter |
Click the Stop button | Set the Startup type to Disabled | Click Apply |
Click OK | Close Services | Maybe you have to reboot for it to stop and
not get started again, I'm not sure. Been to long since I disabled it
for me to remember.

If the WMI Performance Adapter service is disabled, no Performance
logging can take place. I have it disabled. For instance if you open
Performance (perfmon.msc), Console1.msc or and click on Performance Logs
and Alerts you'll get a message...

[[The service cannot be started, either because it is disabled or
because it has no enabled devices associated with it.]]

If you find that the problem was from Performance, disable the WMI
Performance Adapter service so that it can't happen again.
-----

TRACELOG is tracelog.exe (WMI Event Trace Logger).
tracelog.exe is part of Windows Support Tools.

Open a command prompt...
Start | Run | Type: cmd | Click OK |
When the command prompt opens type or paste:

TRACELOG -L

Hit your Enter key.

If anything is running a trace it should show up, otherwise it returns to
the prompt.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In gofermatch <[email protected]> hunted and pecked:
Have a log file located at:
C:\WINDOWS\SYSTEM32\LogFiles\WMI\trace.log
It keeps on filling up and have no idea how it gets started
but sure want to stop the dang thing from tracing so much
of whatever it is tracing. After maybe 3 hours on computer,
and not running any scripts (that I'm aware of), that file is
4G+ and keeps growing until after about 9-10 hours of having
computer turned on, it is at 43Gig+ in size!

Any help would be greatly appreciated.

Just hate rebooting computer when it doesn't have any problem
except using up my available disk space?

Signed - a frustrated gofer!

 

[Wesley Vogel]

George,

Glad you got rid of it and thanks for posting back. Keep having fun.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

It was the registery entry for WMI/globalLogger being set to "1"; changed
to "0"; rebooted and was able to delete trace.log.

Thanks again for your help...was straightforward with great detail as to
possible solutions.

George

Gofermatch,

What was the cause and the fix?

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Wes -

Thank you very much. That information was more than I could have
ever hoped to have received. Worked like a champ!!!!

Again, thank you very much.

This world needs more people just like you!

Gofermatch

:

Did you ever use bootvis.exe?
If yes...

[[After running the MS Bootvis utility, the file
C:\WINDOWS\System32\LogFiles\WMI\trace.log becomes hugely inflated.

The file shrinks on rebooting but may rapidly grow to a few gig's in
size, to cure the problem run BootVis again and click Trace-->Stop
Tracing, the file will now stop growing and may be safely deleted.]]
From...
http://forums.infoprosjoint.net/showthread.php?t=2806

If bootvis.exe isn't guilty.

%windir%\system32\logfiles\WMI\trace.log

Open the Registry Editor...
Start | Run | Type: regedit | Click OK |
Navigate to >>>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\GlobalLogger
In the right hand pane you may see Start listed under the Name column.
If you do, and the Data is 1, double click on Start and set the value
to 0.

Reboot your machine. Check the setting in the above registry key to
see that it's still set to 0.

Navigate to %windir%\system32\logfiles\WMI and delete trace.log.
-----

look at Performance.
Start | Run | Type: perfmon.msc | Click OK |
Click on Performance Logs and Alerts and look around.

From Performance HELP:

[[Any existing logs will be listed in the details pane. A green icon
indicates that a log is running; a red icon indicates that a log has
been stopped.]]

[[To view or change properties of a log or alert
1. Open Performance.
2. Double-click Performance Logs and Alerts.
3. Click Counter Logs, Trace Logs, or Alerts.
4. In the details pane, double-click the name of the log or alert.
5. View or change the log properties as needed.]]

[[To define start or stop parameters for a log or alert
1. Open Performance.
2. Double-click Performance Logs and Alerts, and then click Counter
Logs, Trace Logs, or Alerts.
3. In the details pane, double-click the name of the log or alert.
4. Click the Schedule tab.
5. Is for Start, we do not want that.
6. Under Stop log, select one of the following options:
To stop the log or alert manually, click Manually. When this option is
selected, to stop the log or alert, right-click the log or alert name
in the details pane, and click Stop.]]

You can disable the WMI Performance Adapter service in Services.
Start | Run | Type: services.msc | Click OK |
Scroll clear down to and double click WMI Performance Adapter |
Click the Stop button | Set the Startup type to Disabled | Click Apply
| Click OK | Close Services | Maybe you have to reboot for it to stop
and not get started again, I'm not sure. Been to long since I
disabled it for me to remember.

If the WMI Performance Adapter service is disabled, no Performance
logging can take place. I have it disabled. For instance if you open
Performance (perfmon.msc), Console1.msc or and click on Performance
Logs and Alerts you'll get a message...

[[The service cannot be started, either because it is disabled or
because it has no enabled devices associated with it.]]

If you find that the problem was from Performance, disable the WMI
Performance Adapter service so that it can't happen again.
-----

TRACELOG is tracelog.exe (WMI Event Trace Logger).
tracelog.exe is part of Windows Support Tools.

Open a command prompt...
Start | Run | Type: cmd | Click OK |
When the command prompt opens type or paste:

TRACELOG -L

Hit your Enter key.

If anything is running a trace it should show up, otherwise it returns
to the prompt.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In gofermatch <[email protected]> hunted and pecked:
Have a log file located at:
C:\WINDOWS\SYSTEM32\LogFiles\WMI\trace.log
It keeps on filling up and have no idea how it gets started
but sure want to stop the dang thing from tracing so much
of whatever it is tracing. After maybe 3 hours on computer,
and not running any scripts (that I'm aware of), that file is
4G+ and keeps growing until after about 9-10 hours of having
computer turned on, it is at 43Gig+ in size!

Any help would be greatly appreciated.

Just hate rebooting computer when it doesn't have any problem
except using up my available disk space?

Signed - a frustrated gofer!

 

[Guest]

Have a log file located at:
C:\WINDOWS\SYSTEM32\LogFiles\WMI\trace.log
It keeps on filling up and have no idea how it gets started
but sure want to stop the dang thing from tracing so much
of whatever it is tracing. After maybe 3 hours on computer,
and not running any scripts (that I'm aware of), that file is
4G+ and keeps growing until after about 9-10 hours of having
computer turned on, it is at 43Gig+ in size!

Any help would be greatly appreciated.

Just hate rebooting computer when it doesn't have any problem
except using up my available disk space?

Signed - a frustrated gofer!