locked
Change the logging output location and permissions RRS feed

  • General discussion

  • Change the logging output location and permissions

    The default location to store FSLogix logs can be modified in the system registry.

    This document will explain how to configure a network share with the proper permission levels, and configure FSLogix to deposit it's logs into this share location

     


     

     The default location for logging is:

    <system_drive>\ProgramData\FSLogix\Logs

    The registry location that holds the log storage location is: 

    • HKLM\SOFTWARE\FSLogix\Logging. The GPO setting is in the root folder of the FSLogix GPO and is called "Path to logging files."
    • In the registry add a new REG_SZ value name LogDir and set the value to the network location. \\computername\share\%computername% is recommended. ***important note: FSLogix will not append numerous computers logs to the same file, therefore the directory for each computer needs to be different.***The %computername% directory in this example will be created if it does not exist. Note: If there are spaces in the path (directories or folders) use quote marks as appropriate.

    Also it is frequently valuable to increase the number of days of logs kept. Note: FSLogix does not produce a lot of logs. The space taken for a single user machine per day is 50kb or less typically. For a multi-user machine there may be 2 or 3 mb of log files per day.

    • The registry setting is: HKLM\SOFTWARE\FSLogix\Logging\LogFileKeepingPeriod (Dword) The default is 2. Usually 7, 10, or 14 are good depending on how frequently the problem occurs and how far back we need to look to see the previous state of the VHD(x). The GP setting, in the root of the FSLogix GPO, is "Days to keep log files."

    The UNC locations are usable as long as access is allowed to the location. The logs are written by the FSLogix service and this runs in the context of the computer. So the share must allow access to the computer account/object.
    The access must be granted at both the share and the NTFS permissions level as shown in the screenshots below. Typically the the group Domain Computers is added to give access, but it could be an individual computer as appropriate. Note: The share permissions are only visible on the computer/server where the share exists.

    The items highlighted are the ones to pay most attention to. The permissions need to have read/write or modify. Or, to be sure there are no issues, have a single share for the logs and give the computers (or "domain computers") Full Control.



    Previously, the service needed to be stopped and started for this change to take effect. But that is no longer the case as far as we know.

    Just in case the changes don't take affect immediately, the commands below will stop and start the service:

    sc stop frxsvc
    sc start frxsvc

    See also: https://docs.microsoft.com/en-us/fslogix/logging-diagnostics-reference


    kbart
    Monday, July 29, 2019 8:20 PM