cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Tez_t
Level 7
Report Inappropriate Content
Message 1 of 9

MCLOGs ETW trace issues

There are various issues widely reported when the trace process runs with excessive I/O (reads/writes) to
the  ...\ProgramData\McAfee\MCLOGS\ETW\mclogs.etl, and worse, it's of considerable duration.
On my system it interferes with other processes for example it blocks midi input via a usb
midi device while it's running.

1. Is this trace necessary?
2. Can it be suppressed? Or
3. Since many are have reported issues, is there a fix or a workaround?

Any info would be appreciated...

8 Replies

Re: MCLOGs ETW trace issues

Hello  

It looks like extended log collection is enabled on your PC. Please follow the below steps and see if it helps 

  1. Run Mclogcollect.exe using the link http://us.mcafee.com/apps/supporttools/mctrace/mclogcollect.asp
  2. If you notice the tool tracing the logs, click STOP button to stop the tracing
  3. Wait for logs to be dumped in Desktop. Once complete you can delete the MCLOGS.zip file from Desktop
  4. Again, attempt to run the Mclogcollect.exe. You will see a list of option, uncheck enable verbose and click on red X at the top right to close
  5. Observe the PC for a while and post back the status 

    Regards,

    Siddharth.R

Tez_t
Level 7
Report Inappropriate Content
Message 3 of 9

Re: MCLOGs ETW trace issues

Thanks for the reply but... It hasn't happened for a while and when it does it's easy to detect via the resource monitor on high disk activity, which is the symtom it's running, and I found a workaround which cancels the trace.  

Before I download & run any tools with which I'm not familiar, I've got 3 questions:

1. Exactly what is the purpose of the exercise?

2. How will this help?

Last:

3. Is there simple direct way to determine if extended log collection is enabled, or is this a McAfee internal only revealed  by support tools?

Forgive my reticence, but past experience gives me pause, no software is perfect, and the info would be helpful since at the moment there's no urgency.

Many thanks again...

 

Re: MCLOGs ETW trace issues

Below are few information about ETW log collection

1.Exactly what is the purpose of the exercise :-

 Event Tracing for Windows (ETW) provides the ability to start and stop event tracing sessions,   instrument an application to provide trace events.

2.How will this help :-

  We can use the events to debug an application and perform capacity and performance analysis. 

3. Is there simple direct way to determine if extended log collection is enabled, or is this a McAfee internal only revealed  by support tools?

 Unfortunately there is no direct method due to the nature of log collection.

 Thanks and regards,

  Siddharth.R

Tez_t
Level 7
Report Inappropriate Content
Message 5 of 9

Re: MCLOGs ETW trace issues


@siddharth_r wrote:

Hello  

It looks like extended log collection is enabled on your PC. Please follow the below steps and see if it helps 

  1. Run Mclogcollect.exe using the link http://us.mcafee.com/apps/supporttools/mctrace/mclogcollect.asp
  2. If you notice the tool tracing the logs, click STOP button to stop the tracing
  3. Wait for logs to be dumped in Desktop. Once complete you can delete the MCLOGS.zip file from Desktop
  4. Again, attempt to run the Mclogcollect.exe. You will see a list of option, uncheck enable verbose and click on red X at the top right to close
  5. Observe the PC for a while and post back the status 

    Regards,

    Siddharth.R


I appreciate your help but the exercise is not entirely clear to me.

Step 1. Is there an option that needs to be selected, if so what? I  beleive there are 3 : Trace, Boot Trace and Collect logs (no trace)? Also what initiates the collection session?

Step 2. I assume checking for log  file tracing is via the resource monitor?

Step 3. Is obvious... but I presume only if the Mclogcollect.exe  is run from the desktop?

Step 4. I assume The Options screen launches when you click Options from the main user interface screen of Mclogcollect.exe tool?

Step 5. By "Observe the PC for a while" do you mean prior to clicking the "STOP button", and  what do you mean by "status", the single .zip file MCLOGS.zip?

It would be nice if there was formal documentation for the tool with screen shots, but I couldn't find any just an article. I can only run this tool if I know precisely what steps should be taken.

Thanks again,

Tez_t

 

Reliable Contributor selvan
Reliable Contributor
Report Inappropriate Content
Message 6 of 9

Re: MCLOGs ETW trace issues

Tez_t
Level 7
Report Inappropriate Content
Message 7 of 9

Re: MCLOGs ETW trace issues

Thank you Selvan, I have a printed copy of the first article, the second is highly illuminating it definitely indicates that the tool should be used with caution, for specific scenarios, and has the potential to change the state of the system, which if not properly restored could have a negative impact, for example a failure to disable verbose logging if enabled for a session.  

Moreover the original issue doesn't appear to conform to any of the scenarios as it concerns the ETW trace performance, and I'm not sure of the relevance of this tool for this issue. Further to suggest arbitrarily running this tool without prior expertise or very precise steps to be taken in the context of a specific issue, which in this case may not be appropriate, seems to me extreamly ill advised.

In light of this I'm grateful you gave the reference to the second article...

Reliable Contributor selvan
Reliable Contributor
Report Inappropriate Content
Message 8 of 9

Re: MCLOGs ETW trace issues

Generally we Tech Support makes extensive use of log collection tools to troubleshoot an unknown issue. The logs collected will help us to narrow down the root cause of a problem. The general practice here is to disable the tools and/or changes that were made to the PC post troubleshooting. On that note do you recall working with Tech Support earlier? It will help us understand the situation better.

 

Tez_t
Level 7
Report Inappropriate Content
Message 9 of 9

Re: MCLOGs ETW trace issues

Thankyou Selvan, I do appreciate the necessity for logs, having used them for toubleshooting in a professional capacity many, many moons ago! Any McAfee Tech Support help received earlier,  did not require any tool use, or to provide any logs.

As previously mentioned for this "particular issue" the ETW trace itself, it  is not clear what steps precisely, pre and post toubleshooting , should be taken. For example on the main screen there are 3 options, which one should be selected, Trace? This would be a first time run on a 64-bit w10 system, will it prompt a reboot? Is verbose logging  on by default or is this an artifact of the issue? And so on...  

Regardless as prevoiusly mentioned I found a workaround which cancels the ETW trace, when I  detect it during the course of other activities engaged in, that the ETW trace interferes with.

Issues with thie ETW trace have been widely reported and should be able to be independently investigated without any logs I could provide, and as at the moment there's no urgency, I have no intention to arbitrily run this tool on my system with any potential risks it might involve.

Regardless once again thanks for your response...