< Back
Set-AutologgerConfig
Post
NAME Set-AutologgerConfig
SYNOPSIS
Modifies an Autologger configuration.
SYNTAX
Set-AutologgerConfig [-Name] <String[]> [-BufferSize <UInt32>] [-CimSession <CimSession[]>] [-ClockType {Performance | System | Cycle}]
[-DisableRealtimePersistence <UInt32>] [-FileMax <UInt32>] [-FlushTimer <UInt32>] [-Guid <String>] [-InitStatus <UInt32>] [-LocalFilePath
<String>] [-LogFileMode <UInt32>] [-MaximumBuffers <UInt32>] [-MaximumFileSize <UInt32>] [-MinimumBuffers <UInt32>] [-PassThru] [-Start <UInt32>]
[-ThrottleLimit <Int32>] [<CommonParameters>]
Set-AutologgerConfig [-BufferSize <UInt32>] [-CimSession <CimSession[]>] [-ClockType {Performance | System | Cycle}] [-DisableRealtimePersistence
<UInt32>] [-FileMax <UInt32>] [-FlushTimer <UInt32>] [-Guid <String>] [-InitStatus <UInt32>] [-LocalFilePath <String>] [-LogFileMode <UInt32>]
[-MaximumBuffers <UInt32>] [-MaximumFileSize <UInt32>] [-MinimumBuffers <UInt32>] [-PassThru] [-Start <UInt32>] [-ThrottleLimit <Int32>]
[<CommonParameters>]
DESCRIPTION
The Set-AutologgerConfig cmdlet modifies an existing Autologger configuration. An Autologger event tracing session records events that occur early
in the operating system boot process. Applications and device drivers capture traces both before and after the user logs in. Restart the computer
for configuration changes to take effect in the underlying Event Trace for Windows (ETW) session. Modify the ETW trace session by using the
Set-EtwTraceSession and Remove-EtwTraceSession cmdlets.
PARAMETERS
-BufferSize [<UInt32>]
Specifies the size, in kilobytes, of buffers. We recommend less than 1000 kilobytes. If you do not specify a value for this parameter, ETW
uses the size of physical memory to calculate a default value.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-CimSession [<CimSession[]>]
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession
or Get-CimSession cmdlet. The default is the current session on the local computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-ClockType [<ClockType>]
Specifies the timer to use for the time stamp for events. Valid values are:
-- Performance. Performance counter value (high resolution)
-- System. System timer
-- Cycle. CPU cycle counter
The default value is Performance on computers that run Windows Vista and subsequent versions of the Windows operating systems. The default
value is System for previous versions of the Windows operating system.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-DisableRealtimePersistence [<UInt32>]
Specifies whether to not persist real-time events that were not delivered before the time the computer was shutdown. Persisted events are
delivered to the consumer the next time the consumer connects to the session. To disable real time persistence, specify a value of one. To
persist events, specify a value of zero. The default is zero.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-FileMax [<UInt32>]
Specifies the maximum number of instances of the log file that ETW creates. Valid values are integers up to 16.
If the log file you specified with the LocalFilePath parameter exists, ETW appends the FileCounter value to the file name. For example, if the
default log file name is used, the form is %SystemRoot%\\System32\\LogFiles\\WMI\\<sessionname>.etl.NNNN.
The first time you start the computer, the file name is <sessionname>.etl.0001. The second time, the file name is <sessionname>.etl.0002. If
you specify a value of 3 for FileMax, then at the fourth start of the computer, ETW resets the counter to one (1), and then overwrites
<sessionname>.etl.0001.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-FlushTimer [<UInt32>]
Specifies the interval, in seconds, at which to flush trace buffers. The minimum value is one second. This forced flush is in addition to the
automatic flush that occurs when a buffer is full and when the trace session stops.
For a real-time logger, the default value of zero means that the flush time is one second. You can configure a real-time logger by specifying
a value of EVENT_TRACE_REAL_TIME_MODE for the LogFileMode parameter.
The default value is zero. By default, buffers are flushed only when they are full.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Guid [<String>]
Specifies a GUID, as a string, that uniquely identifies the session.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-InitStatus [<UInt32>]
Specifies the initial status of the Autologger configuration.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-LocalFilePath [<String>]
Specifies the full path for an ETW log file.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-LogFileMode [<UInt32>]
Specifies one or more log modes. For valid values, see Logging Mode Constants.
Instead of writing to a log file, you can specify either EVENT_TRACE_BUFFERING_MODE or EVENT_TRACE_REAL_TIME_MODE. EVENT_TRACE_BUFFERING_MODE
avoids the cost of flushing the contents of the session to disk when the file system becomes available.
Autologger sessions do not support the EVENT_TRACE_FILE_MODE_NEWFILE logging mode.
If you specify EVENT_TRACE_FILE_MODE_APPEND, specify a value for the BufferSize parameter that is the same in both the logger and the file
being appended.
Specify more than one log mode, add the values of the modes. For instance, to include both EVENT_TRACE_FILE_MODE_CIRCULAR, which has a value
of 0x00000002, and EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING, which has a value of 0x10000000, add 0x10000000 and 0x00000002 to obtain 0x1000002.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-MaximumBuffers [<UInt32>]
Specifies the maximum number of buffers to allocate to the Autologger session. We recommend a value of the MinimumBuffers parameter plus
twenty. The value must be greater than or equal to MinimumBuffers. If you do not specify a value for the current parameter, ETW uses the
buffer size and the size of physical memory to calculate a default value.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-MaximumFileSize [<UInt32>]
Specifies the maximum size, in megabytes, of a log file. The session is closed when the maximum size is reached, unless the session uses the
circular log file mode. To specify no limit, specify a value of zero. The default value is 100 MB. When the log file size reaches its maximum
size, the behavior depends on the value specified by the LogFileMode parameter.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-MinimumBuffers [<UInt32>]
Specifies the minimum number of buffers to allocate at startup of the Autologger session. The minimum number of buffers that you can specify
is two buffers per processor.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Name <String[]>
Specifies an array of names of the Autologger configurations to modify.
Required? true
Position? 1
Default value none
Accept pipeline input? true(ByPropertyName)
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Indicates that this cmdlet returns an object that represents the item on which it operates. By default, this cmdlet does not generate any
output.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Start [<UInt32>]
Specifies whether to activate the Autologger session at the next computer restart. Specify a value of one to activate. Otherwise, specify a
value of zero.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-ThrottleLimit [<Int32>]
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of
zero is entered, then Windows PowerShell???? calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are
running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
Example 1: Modify a configuration
PS C:\\>Set-AutologgerConfig -Name "WFP-IPsec Trace" -MaximumBuffers 8 -ClockType Cycle
This command modifies the Autologger configuration named WFP-IPsec Trace.
RELATED LINKS
Configuring and Starting an AutoLogger Session
Logging Mode Constants
WNODE_HEADER structure
Get-AutologgerConfig
New-AutologgerConfig
Remove-AutologgerConfig
Remove-EtwTraceSession
Set-EtwTraceSession
SYNOPSIS
Modifies an Autologger configuration.
SYNTAX
Set-AutologgerConfig [-Name] <String[]> [-BufferSize <UInt32>] [-CimSession <CimSession[]>] [-ClockType {Performance | System | Cycle}]
[-DisableRealtimePersistence <UInt32>] [-FileMax <UInt32>] [-FlushTimer <UInt32>] [-Guid <String>] [-InitStatus <UInt32>] [-LocalFilePath
<String>] [-LogFileMode <UInt32>] [-MaximumBuffers <UInt32>] [-MaximumFileSize <UInt32>] [-MinimumBuffers <UInt32>] [-PassThru] [-Start <UInt32>]
[-ThrottleLimit <Int32>] [<CommonParameters>]
Set-AutologgerConfig [-BufferSize <UInt32>] [-CimSession <CimSession[]>] [-ClockType {Performance | System | Cycle}] [-DisableRealtimePersistence
<UInt32>] [-FileMax <UInt32>] [-FlushTimer <UInt32>] [-Guid <String>] [-InitStatus <UInt32>] [-LocalFilePath <String>] [-LogFileMode <UInt32>]
[-MaximumBuffers <UInt32>] [-MaximumFileSize <UInt32>] [-MinimumBuffers <UInt32>] [-PassThru] [-Start <UInt32>] [-ThrottleLimit <Int32>]
[<CommonParameters>]
DESCRIPTION
The Set-AutologgerConfig cmdlet modifies an existing Autologger configuration. An Autologger event tracing session records events that occur early
in the operating system boot process. Applications and device drivers capture traces both before and after the user logs in. Restart the computer
for configuration changes to take effect in the underlying Event Trace for Windows (ETW) session. Modify the ETW trace session by using the
Set-EtwTraceSession and Remove-EtwTraceSession cmdlets.
PARAMETERS
-BufferSize [<UInt32>]
Specifies the size, in kilobytes, of buffers. We recommend less than 1000 kilobytes. If you do not specify a value for this parameter, ETW
uses the size of physical memory to calculate a default value.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-CimSession [<CimSession[]>]
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession
or Get-CimSession cmdlet. The default is the current session on the local computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-ClockType [<ClockType>]
Specifies the timer to use for the time stamp for events. Valid values are:
-- Performance. Performance counter value (high resolution)
-- System. System timer
-- Cycle. CPU cycle counter
The default value is Performance on computers that run Windows Vista and subsequent versions of the Windows operating systems. The default
value is System for previous versions of the Windows operating system.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-DisableRealtimePersistence [<UInt32>]
Specifies whether to not persist real-time events that were not delivered before the time the computer was shutdown. Persisted events are
delivered to the consumer the next time the consumer connects to the session. To disable real time persistence, specify a value of one. To
persist events, specify a value of zero. The default is zero.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-FileMax [<UInt32>]
Specifies the maximum number of instances of the log file that ETW creates. Valid values are integers up to 16.
If the log file you specified with the LocalFilePath parameter exists, ETW appends the FileCounter value to the file name. For example, if the
default log file name is used, the form is %SystemRoot%\\System32\\LogFiles\\WMI\\<sessionname>.etl.NNNN.
The first time you start the computer, the file name is <sessionname>.etl.0001. The second time, the file name is <sessionname>.etl.0002. If
you specify a value of 3 for FileMax, then at the fourth start of the computer, ETW resets the counter to one (1), and then overwrites
<sessionname>.etl.0001.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-FlushTimer [<UInt32>]
Specifies the interval, in seconds, at which to flush trace buffers. The minimum value is one second. This forced flush is in addition to the
automatic flush that occurs when a buffer is full and when the trace session stops.
For a real-time logger, the default value of zero means that the flush time is one second. You can configure a real-time logger by specifying
a value of EVENT_TRACE_REAL_TIME_MODE for the LogFileMode parameter.
The default value is zero. By default, buffers are flushed only when they are full.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Guid [<String>]
Specifies a GUID, as a string, that uniquely identifies the session.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-InitStatus [<UInt32>]
Specifies the initial status of the Autologger configuration.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-LocalFilePath [<String>]
Specifies the full path for an ETW log file.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-LogFileMode [<UInt32>]
Specifies one or more log modes. For valid values, see Logging Mode Constants.
Instead of writing to a log file, you can specify either EVENT_TRACE_BUFFERING_MODE or EVENT_TRACE_REAL_TIME_MODE. EVENT_TRACE_BUFFERING_MODE
avoids the cost of flushing the contents of the session to disk when the file system becomes available.
Autologger sessions do not support the EVENT_TRACE_FILE_MODE_NEWFILE logging mode.
If you specify EVENT_TRACE_FILE_MODE_APPEND, specify a value for the BufferSize parameter that is the same in both the logger and the file
being appended.
Specify more than one log mode, add the values of the modes. For instance, to include both EVENT_TRACE_FILE_MODE_CIRCULAR, which has a value
of 0x00000002, and EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING, which has a value of 0x10000000, add 0x10000000 and 0x00000002 to obtain 0x1000002.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-MaximumBuffers [<UInt32>]
Specifies the maximum number of buffers to allocate to the Autologger session. We recommend a value of the MinimumBuffers parameter plus
twenty. The value must be greater than or equal to MinimumBuffers. If you do not specify a value for the current parameter, ETW uses the
buffer size and the size of physical memory to calculate a default value.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-MaximumFileSize [<UInt32>]
Specifies the maximum size, in megabytes, of a log file. The session is closed when the maximum size is reached, unless the session uses the
circular log file mode. To specify no limit, specify a value of zero. The default value is 100 MB. When the log file size reaches its maximum
size, the behavior depends on the value specified by the LogFileMode parameter.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-MinimumBuffers [<UInt32>]
Specifies the minimum number of buffers to allocate at startup of the Autologger session. The minimum number of buffers that you can specify
is two buffers per processor.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Name <String[]>
Specifies an array of names of the Autologger configurations to modify.
Required? true
Position? 1
Default value none
Accept pipeline input? true(ByPropertyName)
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Indicates that this cmdlet returns an object that represents the item on which it operates. By default, this cmdlet does not generate any
output.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Start [<UInt32>]
Specifies whether to activate the Autologger session at the next computer restart. Specify a value of one to activate. Otherwise, specify a
value of zero.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-ThrottleLimit [<Int32>]
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of
zero is entered, then Windows PowerShell???? calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are
running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
Example 1: Modify a configuration
PS C:\\>Set-AutologgerConfig -Name "WFP-IPsec Trace" -MaximumBuffers 8 -ClockType Cycle
This command modifies the Autologger configuration named WFP-IPsec Trace.
RELATED LINKS
Configuring and Starting an AutoLogger Session
Logging Mode Constants
WNODE_HEADER structure
Get-AutologgerConfig
New-AutologgerConfig
Remove-AutologgerConfig
Remove-EtwTraceSession
Set-EtwTraceSession