Share via


How to format a Programlog in Forefront Protection

We are often asked how a customer can read the new Programlog format, ETL, that has been implemented within the Forefront Protection suite, in order to be able to perform some troubleshooting without involving MS Support.

The good news is that a command line tool needed to do this is included within Forefront Protection installation.

To use this tool to format the Programlog.etl file, open a command prompt and change folder to the Forefront Program files folder. By default this should be, “C:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server.

Next run the following command line:-

fsctraceformat.exe .\data\programlog.etl –p .\data\tmf –o .\data\programlog.txt

 

This should then create a text file, within the Forefront “Data” folder, called Programlog.txt containing the formatted log entries

If you find that when the tool finishes, it appears to have been partly successful but has reported numerous “Unknowns” or that within the formatted log file, there are several entries in the form:-

Unknown( 18): GUID=2435de0f-d5ac-dfd1-77cdfed6a7d0 (No Format Information Found)

 

This is probably due to the FPSMC agent TMF files not being present in the TMF folder we are using.

By default, these TMF files can be found in “C:\Program Files (x86)\Forefront Protection Server Management\DeploymentAgent\TMF\TraceFormat.cab”. These files should be extracted from the CAB file and copied to the TMF folder within the Forefront Protection for Exchange TMF folder, “C:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server\Data\TMF”.

I hope this helps. Again any constructive feedback is very welcome

Comments

  • Anonymous
    June 07, 2012
    hi it doesn't work for me I've got the error : Cannot open logfile for reading D:Microsoft Forefront Protection for Exchange Server>fsctraceformat.exe .data programlog.etl -p .datatmf -o .dataprogramlog.txt Setting log file to: D:Microsoft Forefront Protection for Exchange Serverdataprogramlog.etl Setting log file to: D:Microsoft Forefront Protection for Exchange Server?p Cannot open logfile for reading Processing completed   Buffers: 0, Events: 0, EventsLost: 0 :: Format Errors: 0, Unknowns: 0 thks

  • Anonymous
    June 07, 2012
    is the forefront data folder on a different drive? The path - .data - when run from within the "C:Microsoft Forefront Protection for Exchange Server" folder, will refer to "C:Microsoft Forefront Protection for Exchange Serverdata" which is normally where the data folder is located and the programlog.etl file should be in here. If the programlog.etl and/or Forefront TMF folder are in a different location(s), as would be expected on certain cluster configurations, you simply need to change the paths to point to the correct location for the data folder.

  • Anonymous
    June 08, 2012
    my FPE installation based directory is : "D:Microsoft Forefront Protection for Exchange Server" the data directory is "D:Microsoft Forefront Protection for Exchange Serverdata" the command is correct if I launch the following command before fsctraceformat.exe : Set TRACE_FORMAT_PREFIX=”[%4!s!][%8!5d!][%3!5d!][%!LEVEL!%][%!FLAGS!%][%1!s!][%2!s!][%!FUNC!]” the command : fsctraceformat.exe .dataprogramlog.etl -p .datatmf -o .dataprogramlog.txt is running properly

  • Anonymous
    June 11, 2012
    Strange, I thought the command above was just to set the formatting of the output, whereas the error you received is that it can't find the programlog.etl file. Anyway, I'm glad this is now working for you :)

  • Anonymous
    August 10, 2012
    Hello Alex, I'm having the same same issue but my data folder is not on the same disk. binaries path is "C:Program Files (x86)Microsoft Forefront Protection for Exchange Server" and data path is "d:forefrontdata". I'm opening a cmd as admin, change directory to binaries path and launch : fsctraceformat.exe D:ForefrontDataprogramlog.etl -p D:ForefrontDatatmf -o D:ForefrontDataprogramlog.txt The result is : Setting log file to: D:ForefrontDataprogramlog.etl Setting log file to: C:Program Files (x86)Microsoft Forefront Protection for Exchange Server?p Cannot open logfile for reading So the path is ok on the first "Setting log file to" but not on the second. Am I doing something wrong ?

  • Anonymous
    August 17, 2012
    Hi Yann, Very strange. I would have expected this to work ok. Can you try to change folder to "D:ForefrontData" and run the command:- "C:Program Files (x86)Microsoft Forefront Protection for Exchange Serverfsctraceformat.exe" .programlog.etl –p .tmf –o .programlog.txt It could also be worth trying to set the system variable as one user above had issues which were resolved by this. Simply run the following from a command prompt before running the fsctraceformat.exe utility:- Set TRACE_FORMAT_PREFIX=”[%4!s!][%8!5d!][%3!5d!][%!LEVEL!%][%!FLAGS!%][%1!s!][%2!s!][%!FUNC!]” Please elt me know how this goes, Alex