sccm: dcm (desired configuration management) logs

just something to capture dcm logs and their purpose.

name		purpose
discovery.log		functions of discovery (wql select statements, registry lookup, etc)
dcmagent.log		overall dcm agent activity
ciagent.log		activity for managing ci baselines (downloading, accessing, etc)
sdmagent.log		activity for managing configuration items (downloading, accessing, etc)
sdmdiscagent.log		overall discovery activity (not helpful)
smsclrhost.log		references loading the sdmdiscagent.xml (not helpful)
eventlogforwarder.log		activity regarding non-compliant items that are flagged to log an event (for monitoring use)

i marked the one in red that has the most value.  the others, while useful for showing activity in case you want to know if dcm is even working or not, has very little use outside of that.  i found that discovery.log has most of the magic.  for example, this is a snippet of log entry which indicates the exact query issued to the system:

DiscoveryProvider:Discovery Function query('select Version from cim_datafile where name = "c:\\windows\\vmmreg32.dll"','root\cimv2'): Object count final: 1. 

as you can see, now it's easy to use wbemtest, powershell, wmic, etc to run the query against the system directly to see how it works.  the dcm model verification tool, while cool, doesn't show you this level of detail.