DCSIMG
ETW – Consuming events - Ran Wahle's blog

Ran Wahle's blog

ETW – Consuming events

ETW – Consuming events

You may or may not have heard about ETW which is a powerful tool for event tracing, which
one of it’s most significant advantages is it’s performance . At the following SDP, You are more than welcome to hear Yaniv Rodenski and myself talk about it.

At this post I will demonstrate how to consume an event written by an application writes this
events. I will do so by creating Data Collector Set .
There are some ready-made providers for CLR, ASP.Net and more, however in order to simplify I’ve chosen to take a manifest-based application. In order to create it
you can read this post which describe how to do so step by step.

Create a data collector
A data collector is a trace listener for ETW that uses one or more ETW provider and writes
it’s / their events to a .etl file.

In order to have the data collector you can use a command line tool called logman or use the computer management tool. In here I’ll demonstrate the computer management tool:

1. Go to Computer management –> Performance –> Data Collector sets –> User defined

2. Write click –> Choose “New” –> Data collector set, this dialog box will open:

Data collector wizard - 1st screen

3. Name your data collector and choose “Create manually”  (and press “Next”)

4. At the next step, choose “Event trace data”

Selecting event data

5. After pressing next, we get to choose our provider (or providers)
   Here we choose the provider named “ExampleProvider” .

Choose ETW provider(s)

6. Now, back to the provider’s  screen, let’s make sure that the trace will capture events with the keyword set for our provider earlier. we do so by pressing the Keyword(any) 
property, pressing the “Edit” button and set the value to 0x8000000000000000.  

Set provider properties
 

7. Now we can select the event trace log (etl) file location. I’ve left the default

Select .etl file location

8. You can have the data collector run on different credentials than the default. |
We’ll leave it as is

Now we have our data collector set ready. Now all we have to do is two things:

1. Run it (Right click –> Start)


Start the data collector set 

2. Run our application

We will see a .etl file on the directory we’ve set earlier. This file is

Summary:

In this post I’ve shown how to create an ETW Data Collector set to consume an ETW Provider.  We’ve gone through all steps in defining the data collector set. This process works also for the classic providers already exist.

Next post, we'll dive into the .etl file and read our events.  

kick it on DotNetKicks.com
Posted: Feb 20 2011, 01:56 AM by Ran Wahle | with 2 comment(s) |

Comments

Ran Wahle's blog said:

SDP is coming soon, and we’re presenting another post on our ETW series. I’m taking the opportunity one again to come and hear Yaniv Rodenski and myself talk about it. On my previous post I’ve shown how to consume ETW data using Data collector sets. What

# February 22, 2011 3:53 PM

Ran Wahle's blog said:

SDP is coming soon, and we’re presenting another post on our ETW series. I’m taking the opportunity one again to come and hear Yaniv Rodenski and myself talk about it. On my previous post I’ve shown how to consume ETW data using Data collector sets. What

# March 3, 2011 10:50 AM
Leave a Comment

(required) 

(required) 

(optional)

(required) 


Enter the numbers above: