Submit a ticketCall us

whitepaperYour VM Perplexities Called, and They Need You to Read This.

Virtualization can give you enormous flexibility with future workloads and can be a key enabler for other areas, like cloud computing and disaster recovery. So, how can you get a handle on the performance challenges in your virtual environment and manage deployments without erasing the potential upside? Learn the four key areas you need to be focusing on to help deliver a healthy and well-performing data center.

Get your free white paper.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > FIM: configuring driver without LEM WebConsole

FIM: configuring driver without LEM WebConsole

Created by Randall Harwood, last modified by MindTouch on Jun 23, 2016

Views: 1,197 Votes: 2 Revisions: 7



There are several parameters at our disposal to leverage FIM driver.  Under certain circumstances (e.g. customer requirements to fine-tune the driver's default behavior) we need to alter these parameters with more of a hands-on approach.


  • Before we go in details, few notes to remember:

    1) FIM driver's entire configuration resides inside Windows Registry in following Registry Key:


    The quickest way to change driver's parameters is to work directly with Registry via Windows Registry Editor. Although only the driver Registry Key will be affected you should exercise caution when working with Registry.

    2) Advise backing up (Exporting) whole driver key before editing it.

    3) Administrative privileges required to change Registry.



  1. List of FIM driver parameters

    The following parameters appear as Registry Keys inside the driver subkey. They may or may not be appear in Registry (default values are not visible in registry):





    Value assigned by agent (default)



    Controls the size (in Kb) of buffer allocated in memory prior to store data before writing it into the log file




    Driver output directory for storing File System logs (FIM File and Directory Connector reads this directory). Do not edit this value manually!




    Driver output directory for storing Registry logs (FIM Registry Connector reads this directory). Do not edit this value manually!




    Controls timer for writing data into logs after periods of time.




    Sets maximum size (in Mb) log files can reach before writing to another log file




    Sets maximum size (in Mb) log folder can reach before rotating logs (remove old logs to free space for new ones).




    Stores watched files and directories names as well as tracked operations and mask. Do not edit this value manually!

    (depends on connector config)



    Stores watched registry keys and values names as well as tracked operations and mask. Do not edit this value manually!

    (depends on connector config)

    * Values in italics do not appear in Driver Registry Key (defaults used).


    Additionally few more important values located in Driver parent key:







    Controls driver behavior on agent machine boot. Corresponds to "Enable Driver on Agent Startup" in LEM WebConsole.

    0x2 – auto-load on OS boot

    0x4 – do not load on OS boot



    Stores version of current driver installed. LEM 6.1.0 agent comes with


Details on parameters:

FSLogFileLocation & RegLogFileLocation are preset with location that matches that listed in FIM Connector in Web Console. While it is possible to change this value by hand we advise against it. In case you require FIM log folders to change you should follow separate procedure. 

From LEM User Guide:

To manually change the log file location:

  1. Enter or paste the correct path in the Log Directory field.
  2. Stop the Agent.
  3. Manually update the Agent's spop.conf property:
    for a file and directory connector. This appears as %SystemDrive%\\Mylocation\\FileSystem in the config file.
    for a registry connector. This appears as C:\\My other log location\\Registry in the config file.

4. Restart the Agent.

MaximumLogFolderSize indicates maximum space FIM log directory can take. Once this size is reached oldest log file will be removed for newest log folder to take its place. The default is 2Gb size. Note that this value should be at least 5 times greater than maximum of single log file size (or MaximumLogFileSizewhich be default is 5 Mb. In case this condition is not met, driver will disregard registry value and assign value matching this criterion. Generally it's better to keep the file size at default (small files put pressure on file writes and log reader; big ones are cumbersome to deal with).

FSWatchElementList & RegistryWatchElementList should not be edited by hand. Leave these to Connector configurations done via Web Console (or check below for more info).

LogFlushTimeout handled the timer on which FIM flushes collected data from buffer into the file. Driver performs the writes on either of conditions:

  • Buffer is filled with events (high load of occurring events)
  • On timer (useful when load is small and buffer fills up slowly)

This behavior was introduced to reduce driver's impact on OS (frequent writes put pressure on disk therefore the timer while we still require quick reaction when event load is high therefore the buffer flush). Note: 10 seconds is default and minimum allowed for the LogFlushTimeout.


How to set or change Registry values of FIM driver

  1. Stop the FIM driver on agent machine (WebConsole's Manage->Nodes->FIM driver Control dropdown)
  2. Login to agent machine with admin user
  3. Stop agent service
  4. Start Registry Editor (Run->regedit)
  5. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SWFsFltr\Parameters
  6. Change or add any required parameter by creating correctly named Registry Value with matching type and assigning necessary value (see above)
  7. Save changes
  8. Start agent service and start FIM driver

From this point, changes should apply with driver acting in accordance to set parameters.


Last modified