
ETW tracking from .net, user mode and driver

We have an application, parts of which are in .NET, C++ user mode and C++ drivers. The application is divided into several executables that run on demand and communicate with each other using LPC (the processes run in different sessions (winlogon)).

Currently we have a home-written logging service to which .NET and C++ user mode communicate by sending LPC messages. The driver uses DbgPrint and is not always enabled, as it causes the code to run 30% slower (we have lots of logging).

I want to have all the logs written in one place and preferably not write the logger myself (I love log4cpp and log4net). The requirement is to write from all the executables and drivers into one place and to have minimal overhead.

I have read that ETW is the way to go, however I wasn't able to find an already written logger that uses it, like log4cpp or log4net.

So basically my question is, do you know if there is an already implemented ETW appender for log4cpp and log4net I can use?

Jack Juiceson asked Feb 26 '10 12:02

1 Answer

Here is a sample implementation of ETW .NET. This is not ETW for log4net. Hope this helps.

http://naveensrinivasan.com/2010/03/17/using-clr-4-0-event-tracing-for-windows-etw-along-with-application-etw/

Naveen answered Oct 04 '22 20:10
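
A minimal log4net appender that forwards events to ETW, as an added example that is not part of the original thread, the linked post, or log4net itself. The class name `EtwAppender`, the `ProviderId` property and the GUID you configure for it are hypothetical; it assumes .NET 3.5 or later on Windows Vista or later, where `System.Diagnostics.Eventing.EventProvider` is available.

```csharp
using System;
using System.Diagnostics.Eventing;   // EventProvider (System.Core, .NET 3.5+)
using log4net.Appender;
using log4net.Core;

// Hypothetical appender: writes each log4net event as an ETW message event.
public sealed class EtwAppender : AppenderSkeleton
{
    private EventProvider provider;

    // Provider GUID, set from the log4net configuration (constructed value,
    // generate your own and use the same one when starting the trace session).
    public string ProviderId { get; set; }

    protected override bool RequiresLayout { get { return true; } }

    public override void ActivateOptions()
    {
        base.ActivateOptions();
        provider = new EventProvider(new Guid(ProviderId));
    }

    protected override void Append(LoggingEvent loggingEvent)
    {
        byte level = ToEtwLevel(loggingEvent.Level);
        // Skip rendering entirely when no trace session listens at this level;
        // this is what keeps the cost of disabled logging low.
        if (provider == null || !provider.IsEnabled(level, 0)) return;
        provider.WriteMessageEvent(RenderLoggingEvent(loggingEvent), level, 0);
    }

    protected override void OnClose()
    {
        if (provider != null) provider.Dispose();   // unregisters the provider
        base.OnClose();
    }

    // ETW levels: 1 = critical, 2 = error, 3 = warning, 4 = info, 5 = verbose.
    private static byte ToEtwLevel(Level level)
    {
        if (level >= Level.Fatal) return 1;
        if (level >= Level.Error) return 2;
        if (level >= Level.Warn) return 3;
        if (level >= Level.Info) return 4;
        return 5;
    }
}
```

Events from this provider, from C++ user-mode code and from the driver can be captured by one trace session that enables all of their provider GUIDs.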
