No console logging on windows

Ways of using the commands that control log output.

1. Sometimes a user's work in the console is interrupted by messages from IOS that report certain events. These events are called SYSTEM LOG MESSAGES (syslog).

2. The no logging console command disables output of syslog messages to the RS232 console (output to the serial console is enabled by default).

3. The logging IP-address command lets you store messages on a SYSTEM LOG SERVER. Such a log server runs as part of Cisco Works. If this command is used, you must also issue no logging console, because sending messages to the console and to the server at the same time sometimes causes the Cisco device to hang.

4. The logging buffered command specifies that all system log messages are to be copied to the Cisco device's RAM so that they can be reviewed later. This command is especially useful when you need to view syslog messages over a Telnet network connection.

5. The logging console command can be used to set the level of the syslog messages shown on the console. Messages at level 0 (emergencies: System is unusable) are the most important, and messages at level 7 (debugging) are the least important. To simply enable message output to the console, give logging console without a number (which corresponds to the default level 7).

6. The logging history command can be used to set the total number of stored system log messages, and to control which severity the stored messages must have, independently of the severity of the messages that are allowed to be sent to the console connection. To set the number of stored messages, use logging history size n (n is a number 1..500). To set the severity of stored messages, use the logging history command, where a number from 0 to 7 gives the severity (on the same principle as in the logging console command).

7. The logging monitor command configures message output in Telnet terminal sessions, as opposed to the serial console. Otherwise the logging monitor command is entirely analogous to logging console.

8. The logging on command simply enables message output to destinations other than the console. The no logging on command disables output of all messages, including output to syslog servers, except output to the console.

9. Events stored in memory (when the logging buffered command is specified) can be viewed with show logging, and also with show logging history.

10. The logging system is convenient for analysing the traffic that passes through the Cisco device (see [1]).

11. Correct display of time in the logs:

With this, the time in the logs is shown properly, with the correct offset for the configured time zone. As a reminder, the time zone is set with the command
#clock timezone arbitrary_zone_name zone_number

The zone number determines the time offset relative to Greenwich (zero) time.

12. Messages can be sent to a syslog server running on the network. UDP port 514 is used for this by default. The syslog server usually runs on CiscoWorks or on Cisco MARS. For example, this is how output to syslog is configured on an ASA5540 (syslog server IP 192.168.10.50):
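Added example, not part of the original page and not the ASA configuration mentioned above: a PowerShell check of a saved IOS configuration against items 3, 4 and 8 of the list (syslog server together with console output, buffered logging, and no logging on). The function name and the sample configuration are constructed for illustration.

```powershell
# Added example: check a saved IOS configuration against items 3, 4 and 8 above.
function Test-IosLoggingConfig {
    param([Parameter(Mandatory)][string]$ConfigText)

    # Console output is enabled by default (item 2); default console level is 7 (item 5).
    $servers = @(); $consoleOn = $true; $consoleLevel = '7'
    $buffered = $false; $loggingOn = $true

    foreach ($line in ($ConfigText -split '\r?\n')) {
        switch -Regex ($line.Trim()) {
            '^logging (\d{1,3}(?:\.\d{1,3}){3})$' { $servers += $Matches[1] }
            '^no logging console$'                { $consoleOn = $false }
            '^logging console(?: (\S+))?$' {
                $consoleOn = $true
                if ($Matches[1]) { $consoleLevel = $Matches[1] }
            }
            '^logging buffered\b' { $buffered = $true }
            '^no logging on$'     { $loggingOn = $false }
            '^logging on$'        { $loggingOn = $true }
        }
    }

    $findings = @()
    if ($servers.Count -gt 0 -and $consoleOn) {
        $findings += "Item 3: syslog server $($servers -join ', ') is set while console " +
                     "logging is on (level $consoleLevel); add 'no logging console'."
    }
    if ($servers.Count -gt 0 -and -not $loggingOn) {
        $findings += "Item 8: 'no logging on' stops delivery to the configured syslog server."
    }
    if (-not $buffered) {
        $findings += "Item 4: 'logging buffered' is not set; item 9's 'show logging' relies on it."
    }

    [pscustomobject]@{
        SyslogServers  = $servers
        ConsoleLogging = $consoleOn
        Buffered       = $buffered
        Findings       = $findings
    }
}

# Constructed sample configuration (not taken from a real device).
$sample = @'
logging 192.168.10.50
logging console 4
clock timezone MSK 3
'@

(Test-IosLoggingConfig -ConfigText $sample).Findings
```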

How to enable logging in WDS in Windows

This article describes how to enable logging in Windows Deployment Services (WDS) in Windows Server.

Original product version: Windows Server 2012 R2
Original KB number: 936625

This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see Windows registry information for advanced users.

Introduction

This article discusses how to enable logging in WDS in Windows Server. Additionally, this article describes how to gather data in WDS.

You can use this information to help troubleshoot issues that you may experience in WDS.

Overview

Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Each WDS component has a mechanism that you can enable for logging and for tracing. You can then analyze the results for troubleshooting. Use the information in the following sections to enable logging and tracing for WDS components.

General WDS server health

Type the following command to generate general server health information:

This command causes general server health information to be logged in the Application log and in the System log.

WDS server component

Type the following command to generate health information about the WDS server component:

This command causes WDS information to be logged in the Application log and in the System log.

Obtain trace logs for Windows Server

To obtain trace information for Windows Server, do the following:

  1. Open Event Viewer (eventvwr).
  2. Browse to Windows Logs\Applications and Services Logs\Microsoft\Windows\Deployment-Services-Diagnostics.
  3. Right-click the channel and choose Enable Log.

Then, configure the components that you want to be logged by setting one or more of the following registry keys to a 0 value.

WDS servers also support the following additional tracing:

You can set these registry keys to the following values to control what is included:

  • 7F0000: This value includes packet tracing and protocol tracing.
  • 3F0000: This value excludes packet tracing.
  • 3E0000: This value excludes packet tracing and protocol tracing. By default, this value is used.

A tracing process may affect performance. Therefore, we recommend that you disable the tracing functionality when you do not have to generate a log.

After you set this registry entry, trace information for the WDS server component is logged in the following file: %windir%\Tracing\wdsserver.log

WDS management components

Type the following command to generate management component health information:

This command causes WDS component health information to be logged in the Application log and in the System log.

Enable tracing

To obtain trace information, you must enable tracing in the WDS management component and in the WDS Microsoft Management Console (MMC) component. To do this, set the following registry entries:

For the management component

  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WDSMGMT
  • Name: EnableFileTracing
  • Value type: REG_DWORD
  • Value data: 1

For the MMC component

  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WDSMMC
  • Name: EnableFileTracing
  • Value type: REG_DWORD
  • Value data: 1

After you set these registry entries, trace information for the WDS management component is logged in the %windir%\Tracing\wdsmgmt.log file.

Additionally, trace information for the WDS MMC component is logged in the %windir%\Tracing\wdsmmc.log file.

Although the WDS MMC component and the WDSUTIL component share the same API layer, MMC sometimes adds processing and functionality. If an error occurs, it is frequently worthwhile to use WDSUTIL to try to reproduce the failure. WDSUTIL may help you determine whether the error is local to MMC or whether the error is a general management API failure. Frequently, the WDSUTIL component provides more detailed error output when tracing is not enabled. Where applicable, use the following options to obtain extra information:

WDS legacy components

If you perform legacy management functions, set the following registry entry to enable tracing in the RISetup component:

  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RISetup
  • Name: EnableFileTracing
  • Value type: REG_DWORD
  • Value data: 1

To obtain the trace log in the WDSCapture operation, follow these steps:

Start the Capture Windows PE boot image.

When the Capture Wizard starts, press SHIFT+F10 to open a command prompt.

Enable tracing in the WDSCapture component. To do this, follow these steps:

  1. Start Registry Editor.
  2. Set the following registry entry to enable tracing in the WDSCapture component:
  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WDSCapture
  • Name: EnableFileTracing
  • Value type: REG_DWORD
  • Value data: 1

Start a second instance of the WDSCapture component. Then, reproduce the problem by using the second instance of WDSCapture.

Don’t close the original instance of WDSCapture. If you close the original instance of WDSCapture, Windows PE restarts. Instead, press ALT+TAB to switch between the instances of WDSCapture.

The following trace log file is generated: X:\Windows\Tracing\WDSCapture.log.
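Because tracing may affect performance and should be off when no log is needed, the following added example (not from the original article) reports which of the EnableFileTracing entries listed above are still set to 1 and how large the named trace logs have grown. The function names are hypothetical, and writing 0 to EnableFileTracing to turn tracing off is an assumption; the article only gives the value 1 for enabling.

```powershell
# Added example: list WDS components whose file tracing is still enabled.
$TracingRoot = 'HKLM:\SOFTWARE\Microsoft\Tracing'

# Log file names as given in the article. It names no log file for RISetup, and
# WDSCapture.log is written inside Windows PE (X:\Windows\Tracing), so both are $null.
$WdsTraceLogs = [ordered]@{
    WDSMGMT    = 'wdsmgmt.log'
    WDSMMC     = 'wdsmmc.log'
    RISetup    = $null
    WDSCapture = $null
}

function Get-WdsFileTracing {
    foreach ($component in $WdsTraceLogs.Keys) {
        $keyPath = Join-Path $TracingRoot $component
        $value = $null
        if (Test-Path -LiteralPath $keyPath) {
            # Property is absent (result $null) when the value was never created.
            $value = (Get-ItemProperty -LiteralPath $keyPath).EnableFileTracing
        }

        $sizeMB = $null
        if ($WdsTraceLogs[$component]) {
            $log = Join-Path $env:windir "Tracing\$($WdsTraceLogs[$component])"
            if (Test-Path -LiteralPath $log) {
                $sizeMB = [math]::Round((Get-Item -LiteralPath $log).Length / 1MB, 2)
            }
        }

        [pscustomobject]@{
            Component = $component
            Enabled   = ($value -eq 1)
            LogSizeMB = $sizeMB
        }
    }
}

function Disable-WdsFileTracing {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    Get-WdsFileTracing | Where-Object Enabled | ForEach-Object {
        $keyPath = Join-Path $TracingRoot $_.Component
        if ($PSCmdlet.ShouldProcess($keyPath, 'Set EnableFileTracing to 0')) {
            # Assumption: 0 turns file tracing off again.
            Set-ItemProperty -LiteralPath $keyPath -Name EnableFileTracing -Value 0 -Type DWord
        }
    }
}

Get-WdsFileTracing | Format-Table -AutoSize
Disable-WdsFileTracing -WhatIf   # preview only; drop -WhatIf to apply
```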

WDS client components

To turn on the client logging functionality, run the following command on the WDS server:

Then, run the following command on the WDS server to change which events are logged:

Each category includes all the events from the previous categories.

The following are the definitions of the logging levels:

  • The NONE logging level disables the logging functionality. By default, this logging level is used.
  • The ERRORS logging level logs only errors.
  • The WARNINGS logging level logs warnings and errors.
  • The INFO logging level logs errors, warnings, and informational events. This logging level is the highest logging level.

To view the event logs, follow these steps:

  1. Open Server Manager, and then click Diagnostics.
  2. Click Event Viewer.
  3. Click Applications and Services Logs.
  4. Click Microsoft, click Windows, and then click Deployment-Services-Diagnostics.

In the tree structure of event logs, the Admin log contains all the errors, and the Operational log contains the information messages. The following are the definitions of the architectures that are listed for some errors in these logs:

  • The Architecture 0 is the x86 processor architecture.
  • The Architecture 6 is the IA-64 processor architecture.
  • The Architecture 9 is the x64 processor architecture.

Setup logs from the client computer

The location of the setup logs depends on when the failure occurs.

If the failure occurs in Windows PE before the disk configuration page of the WDS client is completed, you can find the logs at the X:\Windows\Panther folder. Use Shift+F10 to open a command prompt, and then change the directory to the location.

If the failure occurs in Windows PE after the disk configuration page of the WDS client is completed, you can find the logs on the local disk volume at the $Windows.~BT\Sources\Panther folder. The local disk volume is usually the drive C. Use Shift+F10 to open a command prompt, and then change the directory to the location.

If the failure occurs on the first boot after the image is applied, you can find the logs in the \Windows\Panther folder of the local disk volume. The local disk volume is usually the drive C.

Enabling debug logging for the Netlogon service

This article describes the steps to enable logging of the Netlogon service in Windows to monitor or troubleshoot authentication, DC locator, account lockout, or other domain communication-related issues.

Original product version: Windows 10 — all editions, Windows Server 2016, Windows Server 2019, Windows Server 2012 R2
Original KB number: 109626

More information

This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows

The version of Netlogon.dll that has tracing included is installed by default on all currently supported versions of Windows. To enable debug logging, set the debug flag that you want by using Nltest.exe, the registry, or Group Policy. To do it, follow these steps:

For Windows Server 2019, Windows Server 2016, Windows Server 2012 R2

These steps also apply to Windows 10.

To enable Netlogon logging:

Open a Command Prompt window (administrative Command Prompt window for Windows Server 2012 R2 and later versions).

Type the following command, and then press Enter:

It’s typically unnecessary to stop and restart the Netlogon service for Windows Server 2012 R2 or later to enable Netlogon logging. Netlogon-related activity is logged to %windir%\debug\netlogon.log. Verify new writes to this log to determine whether a restart of the Netlogon service is necessary. If you have to restart the service, open a Command Prompt window (administrative Command Prompt window for Windows 10, and Windows Server 2012 R2 and later versions). Then run the following commands:

  • In some circumstances, you may have to perform an authentication against the system in order to obtain a new entry in the log to verify that logging is enabled.
  • Using the computer name may cause no new test authentication entry to be logged.

To disable Netlogon logging, follow these steps:

Open a Command Prompt window (administrative Command Prompt window for Windows Server 2012 R2 and higher).

Type the following command, and then press Enter:

It’s typically unnecessary to stop and restart the Netlogon service for Windows Server 2012 R2 or later versions to disable Netlogon logging. Netlogon-related activity is logged to %windir%\debug\netlogon.log. Verify that no new information is being written to this log to determine whether a restart of the Netlogon service is necessary. If you have to restart the service, open a Command Prompt window (administrative Command Prompt window for Windows 10, and Windows Server 2012 R2 and later versions). Then run the following commands:

Alternative methods to enable Netlogon logging

In all versions of Windows, you can use the registry method that’s provided in the Enable/Disable logging by using registry method section.

On computers that are running Windows Server 2012 R2 and later versions of the operating system, you can also use the following policy setting to enable verbose Netlogon logging (value is set in bytes):

\Computer Configuration\Administrative Templates\System\Net Logon\Specify log file debug output level

A value of decimal 545325055 is equivalent to 0x2080FFFF (which enables verbose Netlogon logging). This Group Policy setting is specified in bytes.

The Group Policy method can be used to enable Netlogon logging on a larger number of systems more efficiently. We don’t recommend that you enable Netlogon logging in policies that apply to all systems, such as the Default Domain Policy. Instead, consider narrowing the scope to systems that may be causing problems by using one of the following methods:

  • Create a new policy by using this Group Policy setting, and then provide the Read and Apply Group Policy rights to a group that contains only the required computer accounts.
  • Move computer objects into a different OU, and then apply the policy settings at that OU level.

Enable/Disable logging by using registry method

To enable logging, you may have to obtain a checked build of Netlogon.dll.

Start Registry Editor.

If it exists, delete the Reg_SZ value of the following registry entry, create a REG_DWORD value with the same name, and then add the 2080FFFF hexadecimal value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag

It’s typically unnecessary to stop and restart the Netlogon service for Windows Server 2012 R2 and later versions to enable Netlogon logging. Netlogon-related activity is logged to %windir%\debug\netlogon.log. Verify the new writes to this log to determine whether a restart of the Netlogon service is necessary. If you have to restart the service, open a Command Prompt window (administrative Command Prompt window for Windows Server 2012 R2/Windows 10 and above). Then run the following commands:

  • In some circumstances, you may have to do an authentication against the system to obtain a new entry in the log to verify that logging is enabled.
  • Using the computer name may cause no new test authentication entry to be logged.

To disable Netlogon logging, follow these steps:

In Registry Editor, change the data value to 0x0 in the following registry key:

Exit Registry Editor.

It’s typically unnecessary to stop and restart the Netlogon service for Windows Server 2012 R2, Windows 10, or later versions to disable Netlogon logging. Netlogon-related activity is logged to %windir%\debug\netlogon.log. Verify that no new information is being written to this log to determine whether a restart of the Netlogon service is necessary. If you have to restart the service, open a Command Prompt window (administrative Command Prompt window for Windows Server 2012 R2/Windows 10 and later versions of the operating system). Then run the following commands:

Set the maximum log file size for Netlogon logs:

The MaximumLogFileSize registry entry can be used to specify the maximum size of the Netlogon.log file. By default, this registry entry doesn’t exist, and the default maximum size of the Netlogon.log file is 20 MB. When the file reaches 20 MB, it’s renamed to Netlogon.bak, and a new Netlogon.log file is created. This registry entry has the following parameters:

  • Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  • Value Name: MaximumLogFileSize
  • Value Type: REG_DWORD
  • Value Data:

Remember that the total disk space that’s used by Netlogon logging is the size that’s specified in the maximum log file size times two (2). It’s required to accommodate space for the Netlogon.log and Netlogon.bak file. For example, a setting of 50 MB can require 100 MB of disk space, which provides 50 MB for Netlogon.log and 50 MB for Netlogon.bak.

As mentioned earlier, on Windows Server 2012 R2 and later versions of the operating system, you can use the following policy setting to configure the log file size (value is set in bytes):

\Computer Configuration\Administrative Templates\System\Net Logon\Maximum Log File Size
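To verify the registry method and the disk-space rule described above, the following added example (not from the original article) reads DBFlag, checks that it is a REG_DWORD rather than a REG_SZ, and reports the disk budget as twice the maximum log size. The function name is hypothetical, and treating the MaximumLogFileSize registry value as bytes, like the policy setting, is an assumption.

```powershell
# Added example: report Netlogon debug logging state and its disk budget.
function Get-NetlogonLoggingState {
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $key  = Get-Item -LiteralPath $path

    $state = 'Disabled (DBFlag absent)'; $kind = $null; $hex = $null
    if ($key.GetValueNames() -contains 'DBFlag') {
        $kind = $key.GetValueKind('DBFlag')
        $raw  = $key.GetValue('DBFlag')
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            # The article says to delete a REG_SZ DBFlag and recreate it as REG_DWORD.
            $state = "Wrong type ($kind): recreate as REG_DWORD"
        } else {
            $hex = '0x{0:X8}' -f $raw
            if     ($raw -eq 0)          { $state = 'Disabled' }
            elseif ($raw -eq 0x2080FFFF) { $state = 'Verbose (decimal 545325055)' }
            else                         { $state = 'Custom flags' }
        }
    }

    # Default maximum is 20 MB when MaximumLogFileSize does not exist.
    # Assumption: the registry value is in bytes, as the policy setting is.
    $maxBytes = [long]$key.GetValue('MaximumLogFileSize', 20MB)

    # Space currently used by Netlogon.log and Netlogon.bak.
    $usedBytes = 0
    foreach ($file in 'netlogon.log', 'netlogon.bak') {
        $p = Join-Path $env:windir "debug\$file"
        if (Test-Path -LiteralPath $p) { $usedBytes += (Get-Item -LiteralPath $p).Length }
    }

    [pscustomobject]@{
        DBFlagKind   = $kind
        DBFlag       = $hex
        Logging      = $state
        MaxLogMB     = [math]::Round($maxBytes / 1MB, 1)
        DiskBudgetMB = [math]::Round(2 * $maxBytes / 1MB, 1)   # .log plus .bak
        InUseMB      = [math]::Round($usedBytes / 1MB, 1)
    }
}

Get-NetlogonLoggingState | Format-List
```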

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
247811 How domain controllers are located in Windows
