Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why use ETW over EventLog and vice versa?

Tags:

.net

event-log

etw

Why should I use Event Tracing for Windows (ETW) over the standard .NET EventLog class, and vice versa? Does knowing that we'll be using quite a few performance counters impact the decision?

What I know so far:

  1. ETW should perform much better.
  2. ETW is much more work to integrate with (e.g. .NET Event Tracing for Windows)
  3. By selecting one of the standard channels in ETW (e.g. Application, System), the same information is available in the event log.
like image 916
Kaleb Pederson Avatar asked Mar 08 '12 00:03

Kaleb Pederson

People also ask

What is ETW in IIS?

In IIS 8.5, the administrator has the option of sending logging information to Event Tracing for Windows (ETW). This option gives the administrator the ability to use standard query tools, or create custom tools, for viewing real-time logging information in ETW.

What is ETW reader?

Event Tracing for Windows (ETW) is an efficient kernel-level tracing facility that lets you log kernel or application-defined events to a log file. You can consume the events in real time or from a log file and use them to debug an application or to determine where performance issues are occurring in the application.

What is the use of event viewer logs?

The (Windows) Event Viewer shows the event of the system. The "Windows Logs" section contains (of note) the Application, Security and System logs - which have existed since Windows NT 3.1.

What is an ETW provider?

ETW Provider — provides events to an event tracing session. A provider defines its interpretation of being enabled or disabled. In general, an enabled provider generates events, whereas a disabled provider does not. ETW Consumer — consumes the events from an event tracing session.

1 Answers

ETW has many advantages.

First, in .NET 4.5, it will be far simpler to use. The EventSource class in 4.5 dramatically simplifies creating events from within your code.

However, even without this, ETW has some huge advantages, though it does typically work differently, and, as such, serve a different purpose than EventLog.

EventLog is really designed for logging. ETW, on the other hand, allows you to trace your application's progress in the context of the system as a whole. When you start collecting ETW events, you collect them on a system basis, which lets you not only trace your application, but see what's happening in relation to the system as it's running. By using a tool like PerfView, you can see how specific portions of your application operate while simultaneously seeing what's happening with the framework and Windows as a whole.

like image 78
Reed Copsey Avatar answered Sep 28 '22 07:09

Reed Copsey
Sign in to Comment

Related questions

Is there a way to get a System.Configuration.Configuration instance based on arbitrary xml?
What do you use to protect your .NET code from reverse engineering? [closed]
How to relate objects from multiple contexts using the Entity Framework
Will values in my ThreadStatic variables still be there when cycled via ThreadPool?
Ignoring Version in an assembly-qualified name passed to Type.GetType()
DataTable equivalent in Java [duplicate]
Microsoft PEX with NUnit
Fuzzy match in C#
log4net dependency problem
Does WCF use the ThreadPool to bring up new instances for a PerCall service?
How to analyse WERInternalMetadata.xml file generated by Windows Crash Reporter?
Questions about GUID's: Are they always fixed in length, and is the middle number always 4?
Ignoring Exceptions in xUnit.net
SendKeys alternative that works on Citrix
Explicit implementation of IDisposable
Self referencing fields in protobuf messages
How can I use C# to write and play music? [closed]
How to add data annotations to partial class?
Is there a way to invoke explicitly implemented method/property via reflection in .NET?
How can I programmatically connect to a VPN?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!