Halton Meter logs to plain files under %USERPROFILE%\.halton-meter\,
one pair per Task Scheduler task (stdout + stderr). The daemon and edge
use structlog with ISO-8601 UTC timestamps and dotted lowercase event
names — same convention as macOS and Linux.
No log goes to the Windows Event Log; no log leaves the machine.
On-disk layout
| File | Process | Source |
|---|---|---|
| %USERPROFILE%\.halton-meter\daemon.out.log | daemon | stdout |
| %USERPROFILE%\.halton-meter\daemon.err.log | daemon | structlog stderr |
| %USERPROFILE%\.halton-meter\edge.out.log | edge | stdout |
| %USERPROFILE%\.halton-meter\edge.err.log | edge | structlog stderr |
There is no watchdog process on Windows in phase 0 — Task Scheduler’s
ONLOGON trigger is the supervisor. So no watchdog.*.log either.
There is no userenv.*.log because env-var propagation happens
inline during init (via HKCU\Environment + WM_SETTINGCHANGE).
The .err.log files are the interesting ones — that’s where structured
events land. The .out.log files are mostly empty.
Rotation (v0.2.9+)
Daemon logs rotate at 100 MiB with 5 backups
(RotatingFileHandler). When daemon.err.log reaches 100 MiB, it’s
renamed to daemon.err.log.1, the previous .1 becomes .2, and so
on. After 5 backups the oldest is deleted. Same applies to
daemon.out.log, edge.err.log, edge.out.log.
Total worst-case footprint per stream: 100 MiB × 6 = 600 MiB. With
both daemon and edge: 1.2 GiB. Plenty of room for forensic work
without runaway disk usage.
Tailing live
PowerShell’s Get-Content -Wait -Tail is the equivalent of tail -F:
PS> Get-Content -Wait -Tail 50 $env:USERPROFILE\.halton-meter\daemon.err.log
PS> Get-Content -Wait -Tail 50 $env:USERPROFILE\.halton-meter\edge.err.log
Run each in its own Windows Terminal tab so you can read both streams during a live capture session.
Event-name convention
Same as macOS and Linux — see the Logs page for
the full list and grep recipes. Useful Windows-specific events emitted
from daemon/halton_meter/system_proxy/_windows.py:
| Event | Meaning |
|---|---|
system_proxy.windows_apps_mode.enabled | Apps-mode proxy + cert + env successfully applied during init |
system_proxy.windows_apps_mode.enable_failed | init could not finish applying the proxy / env / cert; details in same row |
system_proxy.windows_apps_mode.disabled | uninstall cleared the registry / env / tasks |
system_proxy.windows_apps_mode.proxy_reset | halton-meter reset-proxy restored the prior registry state |
system_proxy.windows.broadcast_failed | WM_SETTINGCHANGE SendMessageTimeoutW returned an error code |
system_proxy.windows.registry_write_failed | HKCU Internet Settings write failed (Group Policy, ACL, or wrong hive) |
system_proxy.windows.snapshot_failed | Could not write system_state.json snapshot |
system_proxy.windows.restore_failed | uninstall could not restore the prior snapshot |
system_proxy.windows.setenv_failed | HKCU\Environment write or broadcast failed |
system_proxy.windows.unsetenv_failed | uninstall could not remove an env var from HKCU\Environment |
cloud.worker.sync_paused | Sync paused; paused_reason in the same row |
addon.body_capture.skip | Body capture skipped (> 4 MiB; v0.2.10) |
The grep pattern system_proxy.windows matches every Windows-specific
proxy event in one shot.
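
The recipes on this page read only the live file, so after a rollover older events sit in the numbered backups. The following is an added example, not part of Halton Meter's own code: it writes constructed lines through a scaled-down `RotatingFileHandler`, then searches the live file and its backups oldest-first for the `system_proxy.windows…_failed` events from the table above. The 200-byte limit, the line layout and the logger name are assumptions made for the demonstration.

```python
import logging
import re
import tempfile
from logging.handlers import RotatingFileHandler
from pathlib import Path

# Every failure event in the table above starts with system_proxy.windows and ends in _failed.
FAILED = re.compile(r"system_proxy\.windows[\w.]*_failed")


def rotated_files(base: Path) -> list[Path]:
    """Return base.5 ... base.1, base: oldest first, the order events occurred."""
    backups = [p for p in base.parent.glob(base.name + ".*") if p.suffix[1:].isdigit()]
    backups.sort(key=lambda p: int(p.suffix[1:]), reverse=True)
    return backups + ([base] if base.exists() else [])


def failed_events(base: Path) -> list[str]:
    """Lines carrying a Windows proxy failure event, across live file and backups."""
    hits = []
    for path in rotated_files(base):
        with path.open(encoding="utf-8", errors="replace") as fh:
            hits += [line.strip() for line in fh if FAILED.search(line)]
    return hits


def write_demo_log(log_dir: Path, lines: int = 20) -> Path:
    """Write constructed lines through a scaled-down RotatingFileHandler."""
    base = log_dir / "daemon.err.log"
    # The page states 100 MiB and 5 backups; 200 bytes here so rollover is visible.
    handler = RotatingFileHandler(base, maxBytes=200, backupCount=5, encoding="utf-8")
    logger = logging.getLogger("halton_rotation_demo")  # hypothetical logger name
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addHandler(handler)
    for i in range(lines):
        event = ("system_proxy.windows.registry_write_failed" if i % 4 == 0
                 else "cloud.worker.sync_paused")
        # Constructed line, padded to 80 chars so each file holds exactly two.
        logger.info(f"2025-01-01T00:00:{i:02d}Z {event} seq={i:02d}".ljust(80))
    logger.removeHandler(handler)
    handler.close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        base = write_demo_log(Path(tmp))
        print([p.name for p in rotated_files(base)], *failed_events(base), sep="\n")
```

To scan a real installation, call `failed_events(Path.home() / ".halton-meter" / "daemon.err.log")`; this assumes the event name appears literally in each log line.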
Quick recipes
# Did init's Windows apps-mode step succeed (or fail loudly)?
PS> Select-String -Path $env:USERPROFILE\.halton-meter\daemon.err.log -Pattern "system_proxy.windows_apps_mode"
# Every Windows-specific proxy event in the last 100 lines
PS> Get-Content $env:USERPROFILE\.halton-meter\daemon.err.log -Tail 100 | Select-String "system_proxy.windows"
# How many request bodies were skipped for being too large?
PS> (Select-String -Path $env:USERPROFILE\.halton-meter\daemon.out.log -Pattern "body_capture.skip").Count
# Last cloud sync result
PS> Select-String -Path $env:USERPROFILE\.halton-meter\daemon.err.log -Pattern "cloud.worker" | Select-Object -Last 5
# Loopback bind guard fired?
PS> Select-String -Path $env:USERPROFILE\.halton-meter\daemon.err.log -Pattern "loopback"
See also
- Logs (macOS) — full event-name convention
- Troubleshooting (Windows) — when the logs are showing something concerning
- halton-meter doctor — runs every diagnostic in one command