How to format a Programlog in Forefront Protection

We are often asked how a customer can read the new Programlog format, ETL, that has been implemented within the Forefront Protection suite, in order to be able to perform some troubleshooting without involving MS Support.

The good news is that a command line tool needed to do this is included within Forefront Protection installation.

To use this tool to format the Programlog.etl file, open a command prompt and change folder to the Forefront Program files folder. By default this should be, “C:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server.

Next run the following command line:-

fsctraceformat.exe .\data\programlog.etl –p .\data\tmf –o .\data\programlog.txt

This should then create a text file, within the Forefront “Data” folder, called Programlog.txt containing the formatted log entries

If you find that when the tool finishes, it appears to have been partly successful but has reported numerous “Unknowns” or that within the formatted log file, there are several entries in the form:-

Unknown( 18): GUID=2435de0f-d5ac-dfd1-77cdfed6a7d0 (No Format Information Found)

This is probably due to the FPSMC agent TMF files not being present in the TMF folder we are using.

By default, these TMF files can be found in “C:\Program Files (x86)\Forefront Protection Server Management\DeploymentAgent\TMF\TraceFormat.cab”. These files should be extracted from the CAB file and copied to the TMF folder within the Forefront Protection for Exchange TMF folder, “C:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server\Data\TMF”.

I hope this helps. Again any constructive feedback is very welcome