
Reading the Diagnostic Level Log

With regard to these trace statements:

DIAG - 2018-03-12 14:10:44.484 7668 Analyzing: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2379\Previous Files\02 Math and RNG\01 Vols\Touchdown Roulette.txt (0,478)[F,F] [0]


The first DIAG statement indicates "Analyzing":

- After the filename are two numbers in parentheses (page_offset, page_length).  

- The values in square brackets will be T or F. The first indicates if a verify operation is required, and the second indicates if a VRef (Index1) entry was found. If either is T, the file will be processed.  

- In this case [F,F] indicates no further processing is required.

- The final [0] is the USN journal entry value; in this case a zero value means no USN is used (i.e. no -maxf parameter on the archive command).

DIAG - 2018-03-12 14:10:44.625 7668 Analyzing: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2379\Previous Files\02 Math and RNG\01 Vols\Touchdown Roulette.txt(10.3 KB)[T,T] [0]

DIAG - 2018-03-12 14:10:44.656 7668 *** Pre-Processing alternate StreamId=0x8 (1012 bytes)

DIAG - 2018-03-12 14:10:44.656 7668 *** Pre-Processing alternate StreamId=0x9 (8 bytes)

DETAIL - 2018-03-12 14:10:44.656 7668 Archived-> Y:\Previous Files\02 Math and RNG\01 Vols\Touchdown Roulette.txt (10.3 KB) A-----ZL-O- [L] 10589 (0) bytes archived 31ms (333 KB/sec).


The second DIAG statement indicates "Analyzing"  

- In this case [T,T] indicates verify required and no VRef entry, so the file will be processed.  

- StreamID = 0x08 is a REPARSE Stream  

- StreamID = 0x09 is a BACKUP_SPARSE_BLOCK  

- Both are valid stream types as long as the BACKUP_SPARSE_BLOCK has a length under 8MB, which it does in this case (8 bytes).  

- The file is subsequently archived, and '[L] 10589 (0) bytes' means the final data was linked to an existing blob: 10589 is the size, and (0) is the number of bytes stored.  

- The attributes 'A-----ZL-O-' indicate:

A - Archive attribute

D - Directory

T - Temp file

S - System attribute

H - Hidden attribute

R - Read only attribute

Z - Sparse file

L - Reparse point

C - Compressed file

O - Offline (stubbed) file

I - Do not content index


So in this case the file is: Ready for archiving, Sparse, Reparse, and Offline. If this is a new stub, then this is expected behavior. If the same file keeps getting archived, then there is an issue.