Environment
Microsoft Windows: All Supported Versions
Objective
Enabling CAPI2 Windows Logging
Resolution
Enable CAPI2 Logging:
- Open the computer management console by entering in the Start->Run box: compmgmt.msc /s
- From the console object tree (left side) expand Event Viewer -> Windows Logs -> Applications and Services Logs -> Microsoft -> Windows -> CAPI2 select Operational.
- From the actions section (on the right pane), select "Enable log". (if logging is already enabled, you will only see "Disable log" in actions section)
- If logging was already enabled, and you have already reproduced the issue, proceed to save existing logs
- If logging was not enabled previously, reproduce the issue you are encountering. If encountering a sensor/agent communication issue, wait 5 minutes and then save logs. Sensor/agent communications retries will happen within 5 minute interval.
Save and Disable CAPI2 Logging:Save and disable the CAPI2 logs:
- In Event Viewer, right click "Operational"
- Select "Save All Events As"
- Fill in name, save as type: Event Files (.evtx)
- Select "Display information for these languages"
- Select "English"
- Click "Ok"
- (optional, if it was disabled previously) Right click "Operational" and choose "disable log"
