Menu
Why should I use Event Tracing for Windows (ETW) over the standard .NET EventLog class, and vice versa? Does knowing that we'll be using quite a few performance counters impact the decision?
What I know so far:
916
In IIS 8.5, the administrator has the option of sending logging information to Event Tracing for Windows (ETW). This option gives the administrator the ability to use standard query tools, or create custom tools, for viewing real-time logging information in ETW.
Event Tracing for Windows (ETW) is an efficient kernel-level tracing facility that lets you log kernel or application-defined events to a log file. You can consume the events in real time or from a log file and use them to debug an application or to determine where performance issues are occurring in the application.
The (Windows) Event Viewer shows the event of the system. The "Windows Logs" section contains (of note) the Application, Security and System logs - which have existed since Windows NT 3.1.
ETW Provider — provides events to an event tracing session. A provider defines its interpretation of being enabled or disabled. In general, an enabled provider generates events, whereas a disabled provider does not. ETW Consumer — consumes the events from an event tracing session.
ETW has many advantages.
First, in .NET 4.5, it will be far simpler to use. The EventSource class in 4.5 dramatically simplifies creating events from within your code.
However, even without this, ETW has some huge advantages, though it does typically work differently, and, as such, serve a different purpose than EventLog.
EventLog is really designed for logging. ETW, on the other hand, allows you to trace your application's progress in the context of the system as a whole. When you start collecting ETW events, you collect them on a system basis, which lets you not only trace your application, but see what's happening in relation to the system as it's running. By using a tool like PerfView, you can see how specific portions of your application operate while simultaneously seeing what's happening with the framework and Windows as a whole.
78
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
