Using LogMan for ETW Tracing

Jon Wagner edited this page Mar 4, 2013 · 1 revision

LogMan is a command-line program in Windows that controls ETW tracing. You should definitely read all about using Logman, but we are going to focus on getting our data out of it.

First, we will need the GUID for our provider. If we haven't installed the manifest for our provider, LogMan won't understand the name, so we will at least need the GUID to identify it. See Getting the EventSource Manifest or GUID for more information.

Let's create a new trace session:

logman create trace CalculatorTrace -p {5534a855-95dc-5099-33e3-5b8e79fed6fa} -o c:\temp\calc.etl

This creates a new session called CalculatorTrace that will log to file c:\temp\calc_000001.etl. Note the curly braces around the provider GUID. If you forget them, LogMan will fail with a cryptic error message.

Now we can start and stop the session:

logman start CalculatorTrace
# run your program here
logman stop CalculatorTrace

At this point you will have an .ETL file with your data in it. It's hard to read, so we will extract some data out of it with the tracerpt tool.

tracerpt c:\temp\calc_000001.etl

This will generate a summary.txt and a dumpfile.xml. You can then parse the data any way you want.
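As one way to parse dumpfile.xml, the following added example (not part of the original page or of the project's code) pulls each event's ID, level, timestamp and payload out of the XML and filters on the provider GUID used above. It assumes the dump is an Events root holding Event elements in the Windows event schema namespace; the function name parse_events, the sample events and the second provider GUID are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace of the <Event> elements in tracerpt's XML dump (assumed layout).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
OURS = "{5534a855-95dc-5099-33e3-5b8e79fed6fa}"  # provider GUID from the logman command

# Constructed sample in the shape of dumpfile.xml; payload values are made up.
SAMPLE = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Guid="{5534a855-95dc-5099-33e3-5b8e79fed6fa}" />
    <EventID>1</EventID><Level>4</Level>
    <TimeCreated SystemTime="2013-03-04T10:15:00.000000000Z" />
  </System>
  <EventData><Data Name="x">2</Data><Data Name="y">3</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Guid="{00000000-0000-0000-0000-000000000001}" />
    <EventID>0</EventID><Level>0</Level>
    <TimeCreated SystemTime="2013-03-04T10:14:59.000000000Z" />
  </System>
</Event>
</Events>"""

def parse_events(xml_text, provider_guid=None):
    """Return one dict per event, optionally keeping only one provider's events."""
    wanted = provider_guid.strip("{}").lower() if provider_guid else None
    events = []
    for ev in ET.fromstring(xml_text).iterfind(".//e:Event", NS):
        system = ev.find("e:System", NS)
        if system is None:
            continue  # malformed event: no header to read
        provider = system.find("e:Provider", NS)
        guid = (provider.get("Guid", "") if provider is not None else "").strip("{}").lower()
        if wanted and guid != wanted:
            continue  # event from another provider in the same session
        stamp = system.find("e:TimeCreated", NS)
        events.append({
            "provider": guid,
            "id": int(system.findtext("e:EventID", "0", NS)),
            "level": int(system.findtext("e:Level", "0", NS)),
            "time": stamp.get("SystemTime") if stamp is not None else None,
            "data": {d.get("Name"): d.text for d in ev.iterfind("e:EventData/e:Data", NS)},
        })
    return events

if __name__ == "__main__":
    for event in parse_events(SAMPLE, OURS):
        print(event)
```

For a real dump, read the file tracerpt wrote and pass its text to parse_events in place of SAMPLE.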

LogMan will register your trace with Performance Monitor. Go ahead and open up Performance Monitor and go to Data Collector Sets -> User Defined. You should see CalculatorTrace there. You can use the PerfMon UI to manage the schedule, security, active Trace Providers, buffers, etc., or you can do it from the command line.

You can delete your trace from PerfMon or use LogMan:

logman delete CalculatorTrace

It's great that ETW has all of these tools, but you log your data to flat files and databases, right? ETW can do that too. See Using EntLib6 ETW Listeners for listener goodies!