ATT data truncated

[XavierBoniface]

Issue:
On this PC, all ATT notifications received by the host are truncated when capturing Bluetooth HCI logs via WPR.

Notes:

• this is not an Ellisys import issue because we can already see in the .hci file directly extracted from the .etl file using BTETLParse.exe that the data is already truncated.
• this does not seem to be a BTETLParse.exe issue because, if running BTVS we see the same issue
• this is not an issue with the data being sent: the HID reports in those notifications are well received and interpreted by Windows, so, those ATT packets are complete (we should be able to see that in the air.btt log but here there was an Ellisys sniffer issue)

Let me know if you need additional logs or information.
etl.zip

[erikpe-msft]

This sounds like a policy that is By Design. By default, Windows truncates HCI logs containing "sensitive" content (e.g. HID reports and key material). The "Full Packet Logging" button in btvs bypasses this policy, for testing. This isn't well documented, so we'll update the documentation.

Could you try running btvs and clicking "Full Packet Logging", to see if you are able to collect the full logs?

A disclaimer on "Full Packet Logging": This setting is sticky. All future trace sessions (e.g. those initiated by btvs or wpr) will have full packet logging enabled. It's recommended to only enable this setting on test systems, in order to avoid accidentally tracing HID input or key material outside of a test scenario.

[XavierBoniface]

Thank you @erikpe-msft, clicking "Full Packet Logging" indeed fixed the issue.
Leaving this issue open still for now, as a reminder for you to document this feature. Thank you.