Managing Home Group log file sizes

Log Name:      Microsoft-Windows-Kernel-EventTracing/Admin
Source:        Microsoft-Windows-Kernel-EventTracing
Date:          1.10.13 18:39:13
Event ID:      4
Level:         Warning
Description:
The maximum file size for session "P2PLog" has been reached. As a result, events might be lost (not logged) to file "C:\WINDOWS\Logs\Homegroup\p2p.etl". The maximum files size is currently set to 5242880 bytes.
Name="FileName">C:\WINDOWS\Logs\Homegroup\p2p.etl</Data>
    <Data Name="ErrorCode">3221225864</Data>
    <Data Name="LoggingMode">293601285</Data>
    <Data Name="MaxFileSize">5242880</Data>

How can you change to overwrite?

How do you read one of these etl files?

October 4th, 2013 12:26pm

Hi,

You may try to rename log file by an old name, it would create a new copy for this kind of log information.

If you want to open this log file, you can use event viewer, Open Saved Log.

Hope this helps.

Free Windows Admin Tool Kit Click here and download it now

October 7th, 2013 2:33pm

Thanks for your response.

You may try to rename log file by an old name, it would create a new copy for this kind of log information.

It does create a new file when you restart the computer.

If you want to open this log file, you can use event viewer, Open Saved Log.

You cannot open it in it's existing location. You get a file in use response. You can open a copy of the file using Event Viewer.

Your suggestion still leaves this question unresolved. " How can you change to overwrite?"

What do you make of this error?

Log Name:      Microsoft-Windows-Kernel-EventTracing/Admin
Source:        Microsoft-Windows-Kernel-EventTracing
Date:          4.10.13 15:02:50
Event ID:      2
Level:         Error
Description:
Session "HomeGroupLog" failed to start with the following error: 0xC0000035
<EventData>
    <Data Name="SessionName">HomeGroupLog</Data>
    <Data Name="FileName">
    </Data>
    <Data Name="ErrorCode">3221225525</Data>
    <Data Name="LoggingMode">285212677</Data>

October 7th, 2013 4:48pm

Thanks for your response.

You may try to rename log file by an old name, it would create a new copy for this kind of log information.

It does create a new file when you restart the computer.

If you want to open this log file, you can use event viewer, Open Saved Log.

You cannot open it in it's existing location. You get a file in use response. You can open a copy of the file using Event Viewer.

Your suggestion still leaves this question unresolved. " How can you change to overwrite?"

What do you make of this error?

Log Name:      Microsoft-Windows-Kernel-EventTracing/Admin
Source:        Microsoft-Windows-Kernel-EventTracing
Date:          4.10.13 15:02:50
Event ID:      2
Level:         Error
Description:
Session "HomeGroupLog" failed to start with the following error: 0xC0000035
<EventData>
    <Data Name="SessionName">HomeGroupLog</Data>
    <Data Name="FileName">
    </Data>
    <Data Name="ErrorCode">3221225525</Data>
    <Data Name="LoggingMode">285212677</Data>

Free Windows Admin Tool Kit Click here and download it now

February 10th, 2014 9:56am

How can you change to overwrite?

Supposedly we can use wevtutil but when I try this command nothing is found about the Homegroup?

C.f.

http://answers.microsoft.com/en-us/windows/forum/windows8_1-performance/event-viewer-error-windows-81/791658d8-0a1c-428f-9f70-a425938f9472#LastReply

Still looking.

March 1st, 2015 3:39am

How do you read one of these etl files?

C:\windows\system32>assoc .etl
.etl=wpa.etl_file

C:\windows\system32>ftype wpa.etl_file
wpa.etl_file=C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\wpa.exe "%1"

Free Windows Admin Tool Kit Click here and download it now

March 1st, 2015 3:45am

Robert

The original questions I raised in October 2013 remain unresolved.

March 1st, 2015 4:04pm

The original questions I raised in October 2013 remain unresolved.

Do you have the WPT yet? That would at least solve the second one. <eg>

Free Windows Admin Tool Kit Click here and download it now

March 1st, 2015 4:16pm

Robert

Is this what your cryptic remark was referring to?
https://msdn.microsoft.com/en-us/library/windows/hardware/hh162962.aspx?f=255&MSPPError=-2147217396

or were you meaning?
http://www.worldpokertour.co

March 1st, 2015 5:04pm

Is this what your cryptic remark was referring to?
https://msdn.microsoft.com/en-us/library/windows/hardware/hh162962.aspx?f=255&MSPPError=-2147217396

Yes. Context is Microsoft so search would be

WPT site:microsoft.com

BTW why do we keep seeing those Error= things when trying to cite links? That's not useful IMO.

And what is it anyway? 0x8004100C

OneNote is doing the same thing

WBEM_E_NOT_SUPPORTED

2147749900
(0x8004100C)

Feature or
operation is not supported.

From
<https://msdn.microsoft.com/en-us/library/aa394559%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396>

WTH? One number is positive and one number is negative? Oh it's the same 4 bytes for a Qword with and without sign-extension. So, the hex representation is more accurate.

Free Windows Admin Tool Kit Click here and download it now

March 1st, 2015 8:09pm

What about making changes referring to this one? Why doesn't it refer to the Homegroup though?

C:\>wevtutil gp Microsoft-Windows-Kernel-EventTracing

BTW the help link fails. What a surprise!

http://go.microsoft.com/fwlink/events.asp?CoName=Microsoft%20Corporation&ProdName=Microsoft%c2%ae%20Windows%c2%ae%20Operating%20System&ProdVer=6.3.9600.16384&FileName=Microsoft-Windows-System-Events.dll&FileVer=6.3.9600.16384

Where the heck are they thinking that would go?

Ah. I might have something. I stripped off all the detail from &ProdVer= on and got this

http://www.microsoft.com/products/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=&EvtID=&EvtSrc=&FileVer=&FileName=&EvtType=&LCID=

So, if that's where the Go link was supposed to be taking us, let's try filling it in with those details that were stripped off to get there. What are the chances I'm going to get this right?...

FWIW here is my stab at it. ID: and Source: are still not filled in.

http://www.microsoft.com/products/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=6.3.9600.16384&EvtID=&EvtSrc=&FileVer=6.3.9600.16384&FileName=Microsoft-Windows-System-Events.dll&EvtType=&LCID=

But it looks like that link probably wouldn't be taking us any place useful anyway even if it was working correctly.

Looks like a red herring.

March 1st, 2015 8:35pm

A related thread from last year

http://answers.microsoft.com/en-us/windows/forum/windows8_1-performance/kernel-event-tracing-and-esent-errors-any-takers/6c353af1-4bc4-467f-8e36-053c362b65db?page=2

(Google search
install-manifest homegroup p2p site:microsoft.com
)

So that was serendipity because it has absolutely nothing to do with the tack that I was trying to research. ; }

The idea was that perhaps the reason that wevtutil doesn't know about Homegroup traces is that the Homegroup hasn't been installed correctly, in which case, what might be required was finding its manifests and using them.

Still lo

Free Windows Admin Tool Kit Click here and download it now

March 1st, 2015 10:17pm

Still haven't found how to control these but I accidentally clobbered them all by running the Homegroup troubleshooter.

March 4th, 2015 4:19am

This topic is archived. No further replies will be accepted.