DFSR - Come configurare i log del servizio
Il log del servizio DFSR è già attivo di default e ha anche un livello di dettaglio elevato (Informational = 4). Il log file DFSRxxxxx.log viene creato nella cartella “%windir%\debug” dove risiedono anche i 100 file di log precedenti che sono stati compressi come file DFSRxxxxx.log.gz. Lo storico dei file può essere incrementato da 100 al numero che desideriamo, questo è utile in particolari casi di troubleshooting dove è necessario avere uno storico maggiore. I log hanno diversi parametri di configurazione. Nella seguente tabella riporto tutti i parametri:
Parameter |
Notes |
Range |
Default |
DebugLogFilePath |
Path to create debug log files at |
Local folder path |
%systemroot%\debug |
DebugLogSeverity |
Log level severity |
1 – 5 |
4 |
EnableDebugLog |
Boolean to turn logging on or off |
TRUE, FALSE |
TRUE |
MaxDebugLogFiles |
Count of debug log files |
1 – 10,000 |
100 |
MaxDebugLogMessages |
Lines per debug log file, before moving to the next log file |
1,000 to MAXDWORD* |
200,000 |
I valori della DebugLogSeverity sono:
- Critical Info (1)
- Errors (2)
- Warning (3)
- Informational (4) = Default
- Trace (5)
Per modificare i parametri della tabella Microsoft consiglia di utilizzare il “WMI Command line interface” (WMIC) con i seguenti comandi:
Debug Log File Path
WMIC syntax: wmic /namespace:\\root\microsoftdfs path dfsrmachineconfig set debuglogfilepath="d:\dfsrlogs"
NB: La cartella deve essere creata prima di configurarla con il comando sopra altrimenti il sistema userà la cartella di default non trovando la cartella nel comando.
Debug Log Severity
WMIC syntax: wmic /namespace:\\root\microsoftdfs path dfsrmachineconfig set debuglogseverity=5
Debug Log Messages
WMIC syntax: wmic /namespace:\\root\microsoftdfs path dfsrmachineconfig set maxdebuglogmessages=400000
Debug Log Files
WMIC syntax: wmic /namespace:\\root\microsoftdfs path dfsrmachineconfig set maxdebuglogfiles=200
Non è necessario fare un riavvio del servizio DFSR o del server per far prendere le modifiche. Per verificare se i parametri sono stati presi potete usare il seguente comando:
dfsrdiag DumpMachineCfg /Mem:DFSRServer1
Dopo questa breve spiegazione su come configurare i log possiamo procedere a vedere come leggere i log.
Come interpretare i log del servizio DFSR
All’interno dei log ci sono molte sigle e acronimi che devono essere capiti per poter analizzare i log. Il più importante fra tutti è il Global Version Sequence Number, GVSN. Questo numero è il guid del database in cui è avvenuta l’ultima modifica e la versione.
{DatabaseGuid}-v{version No} .
Un esempio:
20070314 18:02:39.246 1688 LDBX 3548 Ldb::Insert Inserting idRecord: ß Nuovo record inserito nel DB
+ fid 0x200000000015D ß File ID e USN sono riferiti al Journal NTFS
+ usn 0x3f98680
+ uidVisible 0 ß Non è stato ancora “committed”
+ filtered 0 ß Il file non rientra in quelli filtrati
+ journalWrapped 0
+ slowRecoverCheck 0
+ pendingTombstone 0 ß Il file non è stato cancellato.
+ recUpdateTime 16010101 00:00:00.000 GMT
+ present 1
+ nameConflict 0 ß Non ci sono conflitti
+ attributes 0x20 ß Attributo del file
+ gvsn {3823B980-8436-4D70-8BA8-5A6DFDBF9EA9}-v14 ß GVSN = Guid di chi ha originato questo cambiamento
+ uid {3823B980-8436-4D70-8BA8-5A6DFDBF9EA9}-v14 ß UID= Guid di Chi ha creato il file/folder
+ parent {B00F0EB3-9AB5-4261-A192-EC4D81273408}-v1 ß GUID della cartella superiore-parent
+ fence 16010101 00:00:00.000
+ clock 20070314 17:02:39.216 ß Ora UTC del “change”
+ createTime 20070314 17:02:39.216 GMT ß Ora UTC della creazione
+ csId {B00F0EB3-9AB5-4261-A192-EC4D81273408}
+ hash 00000000-00000000-00000000-00000000 ß File/Folder hash
+ similarity 00000000-00000000-00000000-00000000
+ name New Text Document.txt ß Nome del file o della cartella
Per poter risalire al server su cui è stata fatta la modifica dal GUID possiamo usare il tool DFSRDiag che tra le varie opzioni per fare trohbleshooting ha l’opzione Guid2Name.
C:\ >dfsrdiag guid2name /guid:{ 3823B980-8436-4D70-8BA8-5A6DFDBF9EA9} /RGName:rgname
Object Type : DfsrVolumeInfo
Computer : PIPPO.MB.COM
Volume Guid : 7CF914D4-1B2D-11DB-AE4E-806E6F6E6963
Volume Path : C:
Volume SN : 3900110954
DB Guid : 3823B980-8436-4D70-8BA8-5A6DFDBF9EA9
Operation Succeeded
Per semplificare la comprensione dei log di debug ho inserito alcune delle comuni operazioni che vengono fatte su file e directory con i relativi pezzi di log per poter interpretare i log di debug.
Operazioni sui File
● File filtrato dal USN Consumer perché nella lista dei file da filtrare.
20070320 11:29:25.030 1624 USNC 1254 UsnConsumer::ProcessUsnRecord Filtered USN_RECORD:
+ USN_RECORD:
+ RecordLength: 80
+ MajorVersion: 2
+ MinorVersion: 0
+ FileRefNumber: 0x20000000001a0
+ ParentFileRefNumber: 0x4000000002960
+ USN: 0x29f0220
+ TimeStamp: 20070320 11:29:24.940 W. Europe Standard Time
+ Reason: Close Rename New Name
+ SourceInfo: 0x0
+ SecurityId: 0x224
+ FileAttributes: 0x20
+ FileNameLength: 14
+ FileNameOffset: 60
+ FileName: AAA.tmp
● File non replicato perché è una modifica non presa in considerazione dal USNConsumer.
20070320 11:44:03.523 1624 LDBX 3665 Ldb::Update Updating idRecord:
+ fid 0xD0000000030C8
+ usn 0x29f6a60
+ uidVisible 1
+ filtered 0
+ journalWrapped 0
+ slowRecoverCheck 0
+ pendingTombstone 0
+ recUpdateTime 20070320 10:40:21.654 GMT
+ present 1
+ nameConflict 0
+ attributes 0x2020
+ gvsn {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v25 ß Il GSVN non viene incrementato
+ uid {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v15
+ parent {B00F0EB3-9AB5-4261-A192-EC4D81273408}-v1
+ fence 16010101 00:00:00.000
+ clock 20070320 10:40:21.644
+ createTime 20070301 14:50:12.910 GMT
+ csId {B00F0EB3-9AB5-4261-A192-EC4D81273408}
+ hash 7F941AAB-BBC7047F-AD048620-9754AE10
+ similarity 00000000-00000000-00000000-00000000
+ name attribute.txt
20070320 11:44:03.523 1624 USNC 1879 UsnConsumer::UpdateUsnOnly USN-only update from USN_RECORD:
+ USN_RECORD:
+ RecordLength: 88
+ MajorVersion: 2
+ MinorVersion: 0
+ FileRefNumber: 0xd0000000030c8
+ ParentFileRefNumber: 0x4000000002960
+ USN: 0x29f6a60
+ TimeStamp: 20070320 11:44:03.513 W. Europe Standard Time
+ Reason: Basic Info Change Close
+ SourceInfo: 0x0
+ SecurityId: 0x354
+ FileAttributes: 0x2020
+ FileNameLength: 26
+ FileNameOffset: 60
+ FileName: attribute.txt
· Modifica di un file
20070320 11:48:36.085 1624 LDBX 3665 Ldb::Update Updating idRecord:
+ gvsn {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v28 ß Il GSVN viene incrementato
+ uid {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v15
+ parent {B00F0EB3-9AB5-4261-A192-EC4D81273408}-v1
+ fence 16010101 00:00:00.000
+ clock 20070320 10:48:36.075
+ createTime 20070301 14:50:12.910 GMT
+ csId {B00F0EB3-9AB5-4261-A192-EC4D81273408}
+ hash 00000000-00000000-00000000-00000000
+ similarity 00000000-00000000-00000000-00000000
+ name attribute.txt
+
20070320 11:48:36.085 1624 USNC 2202 UsnConsumer::UpdateIdRecord ID record updated from USN_RECORD:
+ USN_RECORD:
+ RecordLength: 88
+ MajorVersion: 2
+ MinorVersion: 0
+ FileRefNumber: 0xd0000000030c8
+ ParentFileRefNumber: 0x4000000002960
+ USN: 0x29f7ae0
+ TimeStamp: 20070320 11:48:36.075 W. Europe Standard Time
+ Reason: Close Data Overwrite Data truncation
+ SourceInfo: 0x0
+ SecurityId: 0x354
+ FileAttributes: 0x20
+ FileNameLength: 26
+ FileNameOffset: 60
+ FileName: attribute.txt
· File spostato fuori dal Replication Folder ( o cancellato e messo nel cestino )
20070320 11:59:05.520 1624 LDBX 3665 Ldb::Update Updating idRecord:
+ fid 0xD0000000030C8
+ usn 0x29f9390
+ uidVisible 1
+ filtered 0
+ journalWrapped 0
+ slowRecoverCheck 0
+ pendingTombstone 0
+ recUpdateTime 20070320 10:54:08.303 GMT
+ present 0
+ nameConflict 0
+ attributes 0x20
+ gvsn {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v30
+ uid {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v15
+ parent {B00F0EB3-9AB5-4261-A192-EC4D81273408}-v1
+ fence 16010101 00:00:00.000
+ clock 20070320 10:59:05.520
+ createTime 20070301 14:50:12.910 GMT
+ csId {B00F0EB3-9AB5-4261-A192-EC4D81273408}
+ hash 00000000-00000000-00000000-00000000
+ similarity 00000000-00000000-00000000-00000000
+ name attribute.txt
+
20070320 11:59:05.520 1624 USNC 2599 UsnConsumer::TombstoneOrDelete ID record tombstoned from USN_RECORD:
+ USN_RECORD:
+ RecordLength: 80
+ MajorVersion: 2
+ MinorVersion: 0
+ FileRefNumber: 0xd0000000030c8
+ ParentFileRefNumber: 0x2000000002aa5
+ USN: 0x29f9390
+ TimeStamp: 20070320 11:59:05.520 W. Europe Standard Time
+ Reason: Close Rename New Name
+ SourceInfo: 0x0
+ SecurityId: 0x354
+ FileAttributes: 0x20
+ FileNameLength: 14
+ FileNameOffset: 60
+ FileName: Dc7.txt
● File cancellato senza metterlo nel cestino ( Shitf + canc ).
20070320 12:08:00.379 1624 USNC 2599 UsnConsumer::TombstoneOrDelete ID record tombstoned from USN_RECORD:
+ USN_RECORD:
+ RecordLength: 104
+ MajorVersion: 2
+ MinorVersion: 0
+ FileRefNumber: 0x20000000001d7
+ ParentFileRefNumber: 0x4000000002960
+ USN: 0x29fbca8
+ TimeStamp: 20070320 12:08:00.379 W. Europe Standard Time
+ Reason: Close File Delete
+ SourceInfo: 0x0
+ SecurityId: 0x354
+ FileAttributes: 0x20
+ FileNameLength: 40
+ FileNameOffset: 60
+ FileName: Filedacancellare.txt
● Creazione file.
20070320 13:13:17.103 1648 LDBX 3665 Ldb::Update Updating idRecord:
+ fid 0x20000000001F4
+ usn 0x2a0edc8
+ uidVisible 1
+ filtered 0
+ journalWrapped 0
+ slowRecoverCheck 0
+ pendingTombstone 0
+ recUpdateTime 20070320 12:13:05.597 GMT
+ present 1
+ nameConflict 0
+ attributes 0x20
+ gvsn {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v38
+ uid {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v37
+ parent {B00F0EB3-9AB5-4261-A192-EC4D81273408}-v1
+ fence 16010101 00:00:00.000
+ clock 20070320 12:13:17.103
+ createTime 20070320 12:13:05.537 GMT
+ csId {B00F0EB3-9AB5-4261-A192-EC4D81273408}
+ hash 00000000-00000000-00000000-00000000
+ similarity 00000000-00000000-00000000-00000000
+ name Creazionefile.txt
+
20070320 13:13:17.103 1648 USNC 2202 UsnConsumer::UpdateIdRecord ID record updated from USN_RECORD:
+ USN_RECORD:
+ RecordLength: 96
+ MajorVersion: 2
+ MinorVersion: 0
+ FileRefNumber: 0x20000000001f4
+ ParentFileRefNumber: 0x4000000002960
+ USN: 0x2a0edc8
+ TimeStamp: 20070320 13:13:17.103 W. Europe Standard Time
+ Reason: Close Rename New Name
+ SourceInfo: 0x0
+ SecurityId: 0x354
+ FileAttributes: 0x20
+ FileNameLength: 34
+ FileNameOffset: 60
+ FileName: Creazionefile.txt
Operazioni su Directory
Di seguito una lista di log generati da operazioni su fatte su directory all’interno del “Replication Folder”.
● Copia di una Directory nel “replication folder”
20070320 13:32:24.103 1648 LDBX 3548 Ldb::Insert Inserting idRecord:
+ fid 0x20000000001FF
+ usn 0x2a12e38
+ uidVisible 0
+ filtered 0
+ journalWrapped 0
+ slowRecoverCheck 0
+ pendingTombstone 0
+ recUpdateTime 16010101 00:00:00.000 GMT
+ present 1
+ nameConflict 0
+ attributes 0x10
+ gvsn {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43
+ uid {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43
+ parent {B00F0EB3-9AB5-4261-A192-EC4D81273408}-v1
+ fence 16010101 00:00:00.000
+ clock 20070320 12:32:24.103
+ createTime 20070320 12:32:24.103 GMT
+ csId {B00F0EB3-9AB5-4261-A192-EC4D81273408}
+ hash 00000000-00000000-00000000-00000000
+ similarity 00000000-00000000-00000000-00000000
+ name Cartellamovein
20070320 13:32:24.103 1648 USNC 2448 UsnConsumer::CreateNewRecord ID record created from USN_RECORD:
+ USN_RECORD:
+ RecordLength: 88
+ MajorVersion: 2
+ MinorVersion: 0
+ FileRefNumber: 0x20000000001ff
+ ParentFileRefNumber: 0x4000000002960
+ USN: 0x2a12e38
+ TimeStamp: 20070320 13:32:24.103 W. Europe Standard Time
+ Reason: File Create
+ SourceInfo: 0x0
+ SecurityId: 0x379
+ FileAttributes: 0x10
+ FileNameLength: 28
+ FileNameOffset: 60
+ FileName: Cartellamovein
+
20070320 13:32:24.103 1648 LDBX 3665 Ldb::Update Updating idRecord:
+ fid 0x20000000001FF
+ usn 0x2a12e90
+ uidVisible 0
+ filtered 0
+ journalWrapped 0
+ slowRecoverCheck 0
+ pendingTombstone 0
+ recUpdateTime 20070320 12:32:24.103 GMT
+ present 1
+ nameConflict 0
+ attributes 0x10
+ gvsn {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43
+ uid {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43
+ parent {B00F0EB3-9AB5-4261-A192-EC4D81273408}-v1
+ fence 16010101 00:00:00.000
+ clock 20070320 12:32:24.103
+ createTime 20070320 12:32:24.103 GMT
+ csId {B00F0EB3-9AB5-4261-A192-EC4D81273408}
+ hash 00000000-00000000-00000000-00000000
+ similarity 00000000-00000000-00000000-00000000
+ name Cartellamovein
+
20070320 13:32:24.103 1648 USNC 1879 UsnConsumer::UpdateUsnOnly USN-only update from USN_RECORD:
+ USN_RECORD:
+ RecordLength: 88
+ MajorVersion: 2
+ MinorVersion: 0
+ FileRefNumber: 0x20000000001ff
+ ParentFileRefNumber: 0x4000000002960
+ USN: 0x2a12e90
+ TimeStamp: 20070320 13:32:24.103 W. Europe Standard Time
+ Reason: Close File Create
+ SourceInfo: 0x0
+ SecurityId: 0x379
+ FileAttributes: 0x10
+ FileNameLength: 28
+ FileNameOffset: 60
+ FileName: Cartellamovein
+
● Cancellazione/spostamento Directory
20070320 13:35:25.944 1648 LDBX 3665 Ldb::Update Updating idRecord:
+ fid 0x20000000001FF
+ usn 0x2a12e90
+ uidVisible 1
+ filtered 0
+ journalWrapped 0
+ slowRecoverCheck 0
+ pendingTombstone 1
+ recUpdateTime 20070320 12:32:24.143 GMT
+ present 1
+ nameConflict 0
+ attributes 0x10
+ gvsn {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43
+ uid {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43
+ parent {B00F0EB3-9AB5-4261-A192-EC4D81273408}-v1
+ fence 16010101 00:00:00.000
+ clock 20070320 12:32:24.103
+ createTime 20070320 12:32:24.103 GMT
+ csId {B00F0EB3-9AB5-4261-A192-EC4D81273408}
+ hash 00000000-00000000-00000000-00000000
+ similarity 00000000-00000000-00000000-00000000
+ name Cartellamovein
+
20070320 13:35:25.944 1648 LDBX 4064 Ldb::InsertWalkerJob Inserting dirWalkerJob:uid:{497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43 moveType:MoveOut (2) at time:20070320 12:35:25.944
20070320 13:35:25.994 1648 DIRW 581 DirWalkerTask::QueueMoveoutJob Queueing move-out uid:{497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43 fid:0x20000000001FF
20070320 13:35:25.994 2096 DIRW 256 DirWalkerTask::Run Start walking directory.
20070320 13:35:25.994 2096 DIRW 1208 DirWalkerTask::MoveoutStep Starting to process move-out job. uid:{497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43
20070320 13:35:25.994 2096 DIRW 1233 DirWalkerTask::MoveoutStep Iterating children of uid: {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43
20070320 13:35:26.004 2096 LDBX 3665 Ldb::Update Updating idRecord:
+ fid 0x20000000001FF
+ usn 0x2a12e90
+ uidVisible 1
+ filtered 0
+ journalWrapped 0
+ slowRecoverCheck 0
+ pendingTombstone 0
+ recUpdateTime 20070320 12:35:25.944 GMT
+ present 0
+ nameConflict 0
+ attributes 0x10
+ gvsn {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v44
+ uid {497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43
+ parent {B00F0EB3-9AB5-4261-A192-EC4D81273408}-v1
+ fence 16010101 00:00:00.000
+ clock 20070320 12:35:25.944
+ createTime 20070320 12:32:24.103 GMT
+ csId {B00F0EB3-9AB5-4261-A192-EC4D81273408}
+ hash 00000000-00000000-00000000-00000000
+ similarity 00000000-00000000-00000000-00000000
+ name Cartellamovein
+
20070320 13:35:26.004 2096 DIRW 101 DirWalkerTask::Job::Finish MoveOut csId:{B00F0EB3-9AB5-4261-A192-EC4D81273408} uid:{497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43
20070320 13:35:26.004 2096 DIRW 786 DirWalkerTask::RemoveJob Removing job type:2 uid:{497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43
20070320 13:35:26.004 2096 LDBX 4100 Ldb::DeleteWalkerJob Deleting dirWalkerJob. uid:{497C35B7-22CB-48DA-A83A-FE64BD14AC64}-v43
20070320 13:35:26.004 2096 LDBX 1228 LdbManager::UpdateVersionVectorCache Wake up callback 00AD5750
20070320 13:35:26.004 2096 DIRW 303 DirWalkerTask::Run Exit.
20070320 13:35:26.004 1648 USNC 2025 UsnConsumer::TombstoneIdRecord Directory tombstoned or deleted from USN_RECORD:
+ USN_RECORD:
+ RecordLength: 72
+ MajorVersion: 2
+ MinorVersion: 0
+ FileRefNumber: 0x20000000001ff
+ ParentFileRefNumber: 0x2000000002aa5
+ USN: 0x2a13430
+ TimeStamp: 20070320 13:35:25.944 W. Europe Standard Time
+ Reason: Close Rename New Name
+ SourceInfo: 0x0
+ SecurityId: 0x379
+ FileAttributes: 0x10
+ FileNameLength: 8
+ FileNameOffset: 60
+ FileName: Dc11
Matteo Belloni
Support Escalation Engineer
Microsoft Enterprise Platform Support