Although I know it may appear that the CBS.log is a really verbose log, there are times when you might need for the logging to be more verbose than it already is. Luckily, we have the ability for you to enable verbose logging for CBS. What this adds to the log is the ability to see the files and registry changes happening against an operation. I usually find this particularly helpful when troubleshooting an issue where I think something might be in a specific place (like the registry for example) but I dont know exactly where its happening. At times this verbosity will give me the information I need, and along with solid troubleshooting steps, will allow for me to find and fix the issue.
To enable verbose CBS logging is easy:
1. NET STOP TRUSTEDINSTALLER
2. Add the following system environment variable: WINDOWS_TRACING_FLAGS with a value of 10000. *NOTE: This does not require a reboot to take affect.
3. NET START TRUSTEDINSTALLER
If there is anything new happening that can be logged, it will be. Otherwise, if your logs look the same, you're probably on the wrong path in your troubleshooting.
NOTE: To add a system environment variable do the following:
1. Right click on My Computer and choose Properties
2. Choose the Advanced System settings option
3. Click Environment Variables in the bottom right hand corner of the dialog box
4. Under System Variables choose New and then add the variable name and value
Thanks to Susan for bringing this up :)
Edited to reflect George's comment below on this.
great tip :)
Exactly where/how do you put this? Command prompt? Registry? As this is the only bingle hit for this so I'm not sure exactly how/where that system environment variable goes to trigger this?
(and btw don't let Ned's head envy get you down, we love your head)
Added the way you add this Susan, let me know if that makes sense. I'll make sure Ned knows his head envy is definately justified now <G>
Cool! Yup makes perfect sense now!
Nice tip. Is there a way to reduce the log verbosity of CBS.log? like Windows Installer allows through Group Policy? I find these logs taking a great deal of space and I can't troubleshoot them anyways.
Can u plz right a blog on how 2 read these logs..? It wud b of great help especially when Win 7 SP1 realease is rnd the corner..!! I would appreciate if u could jst take it up and show how to hunt down the errors from such a detailed CBS..
For log verbosity, no, the way its set by default is the least detailed the log gets.
Rahul, as to your point. I was actually thinking about doing a weekly series starting after the holidays that centers around one of the issues that we see during the week and how we use the log to troubleshoot them. Maybe that will help, aside from that though, I will think of a way to get some general troubleshooting guidelines set up in a future post.
Thanx.. Will be waiting for both the series & the troubleshooting guidelines
The cbs.log is 3GB with this verbose logging *shocked*. How to open such an file?
I have an internal parser that I use. There are probably some good ones online though.
In general, I don't find that the POQ tracing facility alone provides much value. It does do a great job at bloating the log, as you all notice! If you use WINDOWS_TRACING_FLAGS and set that to 10000 instead all of the facilities should get enabled.