Friday, December 6, 2019

Restrict Windows CBS.log verbosity, set log level, stop hectomegabyte info madness


On Windows 7 (Home Premium 64 Bit), hundreds of megabytes of logging that nobody will ever care to read are written to C:\Windows\Logs\CBS\CBS.log. Take a look, we're counting the lines here:


$ dir C:\Windows\Logs\CBS\CBS.log
03.10.2015 16:21 726.097.704 CBS.log
$ findstr /b 2015- C:\Windows\Logs\CBS\CBS.log | find /c ", Info"
2990118
$ findstr /b 2015- C:\Windows\Logs\CBS\CBS.log | find /c /v ", Info"
102

In straight words, the CBS logfile (CBS is short for Component Based Services, alias Trusted Installer, see Understanding Component-Based Servicing, Apr 2008, Microsoft Technet) at the moment takes up 700 MB, 200 of which were written in the last 30 minutes, with the first entry stemming from 9 days ago.


Altogether that's close to 3 million entries, and almost the entirety of it at loglevel Info. Mind you, this is a human-readable log file format, apparently not for machine processing. Don't know about you, but the notion that I should bother to take account of 3 million lines of Info by default strikes me as bordering on the absurd.


I want this to stop because the disk and CPU activity serves no purpose other than needlessly slowing the system down.


So: How do I set the log level to Warning or Error? Where is this documented?


Plus: Imagine that instead of wading through hundreds of megs of Info (for little more than a week) you'd only keep the ~100 Error lines? Wouldn't that just make sense and actually provide clues in troubleshooting? You'd then still have the option to turn on Info in case a non-obvious installation problem arises.


Update:


Reading the comments, it seems I didn't word my question with sufficient clarity. I am not asking how to filter the humungous log file using command line utilities - because I already know how to do that. I am also not asking how to deal with the log files in the way of log rotation - because Windows will do that on its own when the file reaches some unknown threshold (although you'll find people asking why the file reaches 20 gigs). What I am asking is simply how to stop this crazy hectomegabyte logging from occurring in the first place, probably by setting the log level to something higher than Info. I just can't find the documentation on how to set the log level, possibly because it doesn't exist publicly. But there must be a way because any decent software provides a way to set the log level.


Update 2:


See the answer given. The registry setting seems to take effect and shut the log up, completely. Which is okay and a much better default than the current one. In order to make the registry edit, you need to fix permissions - see appendix.


Appendix: Permissions on Component Based Servicing registry key


When you try to set EnableLog to 0, you'll probably notice that you don't have write access to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing and stuff below it. You need to go "Edit » Permissions" in regedit and then take ownership before being allowed to make edits:


Take ownership and grant yourself write permission


Answer



As a partial answer here's the setting to stop logging altogether: in the registry, navigate to


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing

and set EnableLog to 0. Source: https://technet.microsoft.com/en-us/library/cc732334%28v=ws.10%29.aspx#CBS
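
To confirm what state a machine is in after the edit described above, the following read-only check reports the EnableLog value, the current owner of the Component Based Servicing key, which accounts can write values to it, and whether CBS.log is still growing. It is an added example, not part of the original question or answer; the function name Get-CbsLoggingState is hypothetical, and the script is written for Windows PowerShell 2.0 as shipped with Windows 7.

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
$cbsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing'
$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'

function Get-CbsLoggingState {
    # EnableLog is the value named in the answer; $null means it is not present.
    $prop = Get-ItemProperty -Path $cbsKey -Name EnableLog -ErrorAction SilentlyContinue
    $enableLog = $null
    if ($prop) { $enableLog = $prop.EnableLog }

    # The owner and the write-capable ACEs show whether the key's permissions
    # were changed to make the edit (the "take ownership" step in the appendix).
    $acl = Get-Acl -Path $cbsKey
    $setValue = [int][System.Security.AccessControl.RegistryRights]::SetValue
    $writers = $acl.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (([int]$_.RegistryRights) -band $setValue) } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique

    # Size and last write time of the log: if logging is off, the timestamp
    # stops advancing while servicing activity continues.
    $sizeMB = $null
    $lastWrite = $null
    $log = Get-Item -Path $cbsLog -ErrorAction SilentlyContinue
    if ($log) {
        $sizeMB = [math]::Round($log.Length / 1MB, 1)
        $lastWrite = $log.LastWriteTime
    }

    New-Object PSObject -Property @{
        EnableLog    = $enableLog
        KeyOwner     = $acl.Owner
        CanSetValue  = ($writers -join '; ')
        LogSizeMB    = $sizeMB
        LogLastWrite = $lastWrite
    } | Select-Object EnableLog, KeyOwner, CanSetValue, LogSizeMB, LogLastWrite
}

Get-CbsLoggingState | Format-List
```

Running it before and after the registry edit, and again after the next update installation, shows whether the setting took effect and which account was left as owner of the key.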

