How to enable Container (AAV) logging

Save to PDF

Applies to: Cloudhouse Compatibility Containers

10/06/2019 Cliff Hobbs

Purpose

The purpose of the article is to detail how to enable logging for AAV, which by default is disabled.

Background

Enabling logging for AAV can help identify problems with applications running in Cloudhouse Compatibility Containers™. 

Release 1904 introduces several changes to both the way logging is enabled and the information captured in the logs.

Note

See the How to enable AAV logging in releases prior to 1904 section of this article for details of how to enable AAV logging if you are using 1903 or an earlier release.

Any logs generated by AAV are created in the following folders, regardless of the release:

  • On Windows 7 and later: %LocalAppData%\Cloudhouse\Logs
  • On Windows XP: %UserProfile%\Local Settings\Application Data\Cloudhouse\Logs

Each time AAV runs, two logs are created:

  • Log for AppAcceleratorV – Which is output to reversedate-time-PID-AppAcceleratorV.log (for example 20190425-113000-000600-AppAcceleratorV.log).
  • Log for the child process(es), redirected by AAV – Which is output to reversedate-time-parentPID-PID-ExecutableName.log (for example 20190425-113000-000600-002820-MyApp.log).

Starting in release 1904, the AAV log for child processes includes the following columns:

ColumnDescription
TIMESTAMPDate and time the log file entry was written.
TIDThread ID that generated the log item.
LOG TYPEDefines the type of log entry:
  • INFO – Contains general information such as a file was redirected.
  • ERROR – Generated when the Windows API function fails.
  • DEBUG – Used to show the information mainly by developers and is used to record information on how AAV is running.
CATEGORYCategories represent the area each API belongs to. For example File or Registry. Categories also have subcategories such as Redirected or NotRedirected.
See List of Cloudhouse Container Log File Categories for a complete list.
FUNCTION:LINEThe function that generates a log event message. It will often be a Windows API, although internal AAV functions generate their own log events.
FROMThis will usually be the from/original name. For example the filename, registry key, and so forth.
TOWill usually be the virtualised name (filename, registry). It can also be blank to indicate the original name has remained the same.

Note

For application logging, where we virtualise from one location to another the FROM/TO fields are populated. However, FROM may just be used to record details of an API accessing a location that is not virtualised (for example registry access to a non-virtualised path). 
The FROM/TO fields may also be blank where a location/object isn't virtualised, but we want to record a log event (the message will contain details of the event). For example, the NotWow64Process virtualises the Windows API PrintDlg and we record just the information about this occurring.
MESSAGEThis is additional information relating to the function generating the log event (for example other parameters), which means this is different for each function. For example, for FILE API's it could be the desired access. For COM, it could be the class registration.
ERROR (CODE)If an error occurs, the error code generated is displayed.
MESSAGEThe error message associated with the error code.

Note

In the 1904 release, the log file format has only been updated for the child process log and not for AAV itself, which may be updated in a later release.

Step-by-step process

See the relevant section for details of how to enable AAV logging:

How to enable AAV logging in 1904 and later

To enable logging in release 1904 and later:

  1. Navigate to the appropriate Container folder.
  2. Open AppAcceleratorV.clc in a text editor (such as Notepad++).
  3. Create the AAV tag as shown below and set the value for Log to one of the following, depending on the level of logging required:
    • Off – The default, where logging is disabled.
    • On – Only high-level APIs are logged. There is no nesting of log entries/logging of any lower level API calls. For example, when you create a file, the CreateFile API is called. This, in turn, calls the lower level API NTCreateFile. With logging set to On, you will not see entries for the lower-level APIs called such as NTCreateFile in our example.
    • Verbose – All entries, both high-level and low-level API calls.
<AAV Log="<value>"

Note

See the Example Log Entries section of this article for examples of the actual log entries created when logging is set to On/Verbose.

  1. Save AppAcceleratorV.clc

Example Log Entries

If AAV logging is set to On, only higher level APIs are logged. For example:

11:22:38.947    0000DED8    Info    File-NotRedirected    chCreateFileW:41    "C:\Windows\Fonts\staticcache.dat"    ""    ""    ""
11:22:38.949    0000DED8    Info    Registry-NotRedirected    chRegOpenKeyExW:33    "SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback"    ""    ""    ""

If AAV logging is set to Verbose, both higher level and APIs are logged. For example:

11:18:19.384    00007054    Info    File-NotRedirected    chNtCreateFile:23    "\??\C:\Windows\Fonts\staticcache.dat"    ""    ""    ""
11:18:19.384    00007054    Info    File-NotRedirected    chCreateFileW:41    "C:\Windows\Fonts\staticcache.dat"    ""    ""    ""
11:18:19.385    00007054    Info    Registry-NotRedirected    chNtOpenKeyEx:56    "SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback"    ""    ""    ""
11:18:19.385    00007054    Info    Registry-NotRedirected    chRegOpenKeyExW:33    "SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback"    ""    ""    ""

How to enable AAV logging in releases prior to 1904

To enable logging in releases prior to 1904:

  1. Navigate to the appropriate Container folder.
  2. Open AppAcceleratorV.clc in Notepad++.
  3. Create the AAV tag as shown below and set the value for LogExe and LogDll to Full or Error depending on the level of logging you require:
    • Configuring logging for LogExe logs the parent process, e.g. AppAcceleratorV.
    • Configuring logging for LogDll logs the child process(es), redirected by AAV.

For example:

<AAV LogExe="Full" LogDll="Full">

4.    Save AppAcceleratorV.clc

Warning

Configuring AAV logging for a 1904 (or later) Container using the above process will result in no logs being generated. No errors or warnings will be displayed to highlight the incorrect configuration. These tags are just ignored. Make sure you follow the process in the How to enable AAV logging in 1904 and later section if you want to enable logging for a Container created in release 1904 or later.

Backwards compatibility

Use of PackageId to enable AAV logging is still supported (even in 1904 and later versions). For example:

<AAV PackageId="thisismyid" LogExe="Full">
Source:
Was this article helpful?

Table of Contents

    Can't find what you're looking for?

    Contact Support