Menu
Are performance counters part of ETW? If not, what is the difference between the two?
496
Windows Performance Counters provide a high-level abstraction layer that provides a consistent interface for collecting various kinds of system data such as CPU, memory, and disk usage. System administrators often use performance counters to monitor systems for performance or behavior problems.
Performance counters are bits of code that monitor, count, or measure events in software, which allow us to see patterns from a high-level view.
In the navigation pane, expand Monitoring Tools, and then choose Performance Monitor. In the console pane toolbar, choose the Add button. In the Add Counters window, in the Select counters from computer drop-down list, choose the computer that is running Business Central Server.
Performance counters and ETW are distinct technologies. Performance counters are not exposed through ETW.
The basic difference: performance counters provide high-level metrics on system behavior (think timers and bytes read and objects allocated) while ETW is a diagnostic tracing and logging facility (think Debug.WriteLine messages, but richer and more structured).
Currently, both ETW and performance counters have full support from Windows, and as a developer, you can write code to produce and consume data for both technologies.
Performance Counters
Performance counters, also known as PDH (Performance Data Helper) counters, are simple numeric metrics that give you a high-level summary of how a particular system is behaving. For example, % Processor Time is a performance counter that tells you how much of the processor's time is being used to execute user-mode code. As a more complex example, # of Methods Jitted in the .NET CLR Jit category tells you how many .NET methods were JIT compiled since the start of an application.
Performance counters are generally used to monitor system health and to diagnose specific performance issues. They are a good indicator of issues when something goes wildly wrong, but they don't give you much detail as to why a particular issue is happening.
To view Windows performance counters, you can simply run perfmon. On Vista+, you might need to click on the "Performance Monitor" node to see the counter chart. To programmatically access performance counters, look at the System.Diagnostics.PerformanceCounter class in .NET or the PDH library for native code.
Event Tracing for Windows (ETW)
ETW is a tracing system built into Windows. Essentially, any component (e.g. a user application, or even the Windows kernel itself) can send out diagnostic trace information about specific events that occur that the component cares about. For example, the kernel sends out ETW events when a process starts and stops, when an image (e.g. DLL) is loaded and unloaded, when a thread is created or destroyed, or even when a thread does a context switch. The logged data is in a serialized format that's described by the component elsewhere, allowing diagnostic tools to read and understand the ETW events logged during a session. See here for a boxes-and-lines diagram of how everything works together.
ETW is meant to be fast and should not materially impact the system's performance when logging is not enabled. Starting with Vista, ETW is pervasive throughout Windows and is intended for use by application developers (meaning, specifically, your application can be an ETW provider that logs events). ETW is the basis for the Event Log, and can be used by performance profilers, debuggers, or system monitors.
See my other SO post here for some resources on interfacing with ETW.
88
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
