Changing the size of the MSMQLOG.BIN logging file in MSMQ

  • Article

As you may know, MSMQ has internal error logging enabled by default and outputs to a file called MSMQLOG.BIN in the %windir%\debug directory.

The file, as the extension hints at, is in a binary format (unlike MSMQ 2.0) and so cannot be read by simply opening it in Notepad. Instead the file has to be sent to Microsoft support services to be formatted and analysed. Due to the nature of the content (internal function references, etc.), you may not get to see the text output.

The logging can be enabled or disabled using the MQTRACE script which you can download from my blog. This allows some basic control, such as being able to raise the default logging level from "Error" (just logging errors) to "Information" (logging everything).

For example, to enable Information level logging you would carry out the following steps:

  1. MQTRACE -STOP
  2. MQTRACE -START -INFO

and when you have finished:

  1. MQTRACE -STOP
  2. MQTRACE -START

to set logging back to the default.

Note that the size of the MSMQLOG.BIN file is limited to 4MB. Once the file is full, it starts to overwrite itself in a circular fashion (when full, writing from the end, back to the start and on through the file again). This isn't too much of a problem when you are logging just errors but full logging can fill the file pretty quickly. This can result in the information you want to capture being lost before you have time to disable logging.

MQTRACE uses a program called LOGMAN.EXE to set the way MSMQ performs logging. This program has a lot of options you can pass it as parameters but we only need a few. For example, to set a 50MB log file:

logman create trace msmq -max 50 –f bincirc -o C:\WINDOWS\Debug\msmqlog.bin –ets 

which can be explained as follows:

  • Create Trace (this is the Verb used to create a tracing collection, rather than one for counters)
  • MSMQ (name of the collection)
  • -Max 50 (maximum log file size in megabytes)
  • -f bincirc (the log format; bincirc means circular binary file, as explained above)
  • -o {path}  (location of the file to contain the logging)
  • -ets (send commands to Event Trace Sessions)

You should see the following output if the changes were successful:

C:\temp>logman create trace msmq -max 50 -f bincirc -o C:\WINDOWS\Debug\msmqlog.bin -ets

Name: MSMQ
Age Limit: 15
Buffer Size: 8
Buffers Written: 1
Clock Type: System
Events Lost: 0
Flush Timer: 0
Buffers Free: 2
Buffers Lost: 0
File Mode: Circular
File Name: C:\WINDOWS\Debug\msmqlog.bin
Logger Id: 3
Logger Thread Id: 2780
Maximum Buffers: 25
Maximum File Size: 50
Minimum Buffers: 3
Number of buffers: 3
Real Time Buffers Lost: 0 

 

As I mentioned, though, MQTRACE.CMD uses LOGMAN so as soon as you run the script, any changes you made manually at the command prompt will have been overvritten. If we look in the script using Notepad, we find the (most important) LOGMAN command is:

logman %tracecommand% %log_session_name% %mqRealTime% -pf %msmqtracecfgfile% %tracefilepathcommand% %tracefilemodeoptions% -ets

which makes use of memory variables defined elsewhere in the file.

Near the beginning of the script, you will find: 

set mqBinaryLog=%windir%\debug\msmqlog.bin
set mqTextLog=%windir%\debug\msmqlog.txt
set log_session_name=msmq
set msmqtracecfgfile=%windir%\debug\msmqtrc.ini
set msmqtracesessionlog=%windir%\debug\msmqtrc.log
set loggingrunning=
set mqRealTime=
set tracecommand=start
set tracefilemodeoptions=-f bincirc -max 4
set tracefilepathcommand=-o %mqBinaryLog%
set IsWinXP=0
set TmpVerFile=%tmp%\osver.txt

The final LOGMAN command generated this way is pretty similar to the one I detailed above. You may want to edit MQTRACE.CMD and set the variables directly so you can, for example, set the "-max" parameter to 50.

Notes

  • check you have a recent version of Logman.exe. If you run "Logman /?" at the command prompt and the on-line help doesn't have an "-ets" option then you want to find a newer build.
  • if the reports shows something like "{some path}\msmq.etl" for File Name instead of what you typed in then check the path is valid.
  • if the changes don't get applied, you may need to run "Logman delete msmq" to remove an existing collection before trying again.