Menu
I am trying to wrap my head around ETW and how to integrate t into a high Performance application.
We all know the old dreaded EventLog with it's non structured (and thus not so optimal) API.
Now there is a new and fancy API for high performance tracing - ETW, and it got a new API on the .NET side in 4.5 in the form of the EventSource class that you can easily subclass (so no more manifest writing).
THis leaves me with a number of questions, trying to get this working.
What did I try? I got an EventSource working, but simply have failed to get the proper documentation on how to get the rest working Downstream from there.
721
Any application, including ASP.NET applications, can access the event log. Your applications will write information to the application log (rather than to the security or system logs). The . NET framework provides a class for handling the event log.
Open "Event Viewer" by clicking the "Start" button. Click "Control Panel" > "System and Security" > "Administrative Tools", and then double-click "Event Viewer" Click to expand "Windows Logs" in the left pane, and then select "Application". Click the "Action" menu and select "Save All Events As".
The WriteEntry method writes the given string directly to the event log; it does not use a localizable message resource file. Use the WriteEvent method to write events using a localized message resource file.
To change Event Viewer settingsClick Start, and point to Programs. Point to Administrative Tools, and then click Event Viewer. Right-click the appropriate log file (Application,Security,System,Directory Service, orFile Replication Service).
In August 2013, Microsoft.Diagnostics.Tracing.EventSource 1.0.4 beta released on NuGet. The three big wins are channel support, static (installed) manifest support (the two things required to get into the Event Viewer) and .NET 4.0 support.
According to the blog post announcing RTM, Microsoft.Diagnostics.Tracing.EventSource "enables fast app tracing to the Windows Event Log, including in production".
124
What you are trying to achieve is not possible due to the following;
To direct ETW events to the event log you’ll need to specify a channel of type Admin, Operational or some of the classic once like Application in the manifest and register it using wevtutil. Unfortunately you can’t use EventSource for this, even if you had a manifest, as the underlying implementation does not set the channel byte on the EventDescriptor block when calling WriteEvent e.g. your event is never marked for specific channel.
What EventSource does behind the scene to avoid the cumbersome process of registering manifest, compile it into win32 resource, link it to an assembly/dll, register it etc. is to generate a manifest from your EventSource implementation and send it as a known event to allow the receiving service to parse all other event payloads instead of relying on windows infrastructure to get the manifest information. To the best of my knowledge only PerfView supports this for now.
27
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
