Reading ETW tracing using Event Viewer

12 באוקטובר 2009

tags: ,
one comment

I was looking for a tool to read ETW tracing data. It turned out that the tool I need is right under my nose. Event Viewer.

The problem was that ETW (using the logman tool) produces etl files that are not readable by Event Viewer. Fortunately there is a trick. I tried to load the etl file by Event Viewer using open saved log and it failed to load.

Event Viewer

I saved the etl file as an evtx file and now I could see the tracing data.

For WCF and WF you do not need the etl file. All you have to do is follow the following procedure:

  • Enable the analytic and debug logs.

    • In the tree view in Event Viewer, navigate to Event Viewer->Applications and Services Logs->Microsoft. Right-click on Microsoft and select View->Show Analytic and Debug Logs.

      Ensure that the Show Analytic and Debug Logs option is checked.

  • Enable the Analytic log.

    In the tree view in Event Viewer, navigate to Event Viewer->Applications and Services Logs->Microsoft->WCF->WF-Development. Right-click on Analytic and select Enable Log.

  • Activate a WCF service with tracing enabled and all the tracing data will be there.

    Add comment
    facebook linkedin twitter email

    Leave a Reply

    Your email address will not be published.

    *

    You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

    one comment

    1. Rajeesh30 בינואר 2012 ב 16:11

      is there any time delay exist between ETW writnig and reading?
      i have a code that write event using EventWrite() and reading using EvtNext().
      But EvtNext() failed to collect the events that i have write previously called EvtWrite(). if i add a Sleep(500) it is fine. why??

      Reply