ETW, .NET 4.5 - how to write to the event log?

后端 未结 6 1453
你的背包
你的背包 2021-02-05 04:38

I am trying to wrap my head around ETW and how to integrate t into a high Performance application.

We all know the old dreaded EventLog with it\'s non structured (and th

相关标签:
6条回答
  • 2021-02-05 05:13

    This is very interesting as I have been working on the similar requirements off late. Firstly, you can generate manifest from EventSource class using its static method GenerateManifest(typeof(MyEvents), null). This will provide you with the manifest of your events etc but it does not contain details about the channels. You will need to define the channels yourself in the manifest and then register is using wevtutil.exe, mc.exe and rc.exe utilities. This will create you the event logs as per your provider name in the manifest.

    Interestingly, I could manage to get the Debug and Analytic logs to show me the events generated via EventSource. I could also use Perfmon's Tracing Session to record the events for certain period with filters on keywords and levels. Provider does appear in the Trace Session provider list as well.

    The only thing I am looking at present is to bring the events in Admim and Operation's channels. Please shout if you need samples etc.

    Details are present at- http://www.suneet.net/FrmBlogViewer.aspx?blogid=75

    0 讨论(0)
  • 2021-02-05 05:22

    What you are trying to achieve is not possible due to the following;

    • To direct ETW events to the event log you’ll need to specify a channel of type Admin, Operational or some of the classic once like Application in the manifest and register it using wevtutil. Unfortunately you can’t use EventSource for this, even if you had a manifest, as the underlying implementation does not set the channel byte on the EventDescriptor block when calling WriteEvent e.g. your event is never marked for specific channel.

    • What EventSource does behind the scene to avoid the cumbersome process of registering manifest, compile it into win32 resource, link it to an assembly/dll, register it etc. is to generate a manifest from your EventSource implementation and send it as a known event to allow the receiving service to parse all other event payloads instead of relying on windows infrastructure to get the manifest information. To the best of my knowledge only PerfView supports this for now.

    0 讨论(0)
  • 2021-02-05 05:34

    In August 2013, Microsoft.Diagnostics.Tracing.EventSource 1.0.4 beta released on NuGet. The three big wins are channel support, static (installed) manifest support (the two things required to get into the Event Viewer) and .NET 4.0 support.

    According to the blog post announcing RTM, Microsoft.Diagnostics.Tracing.EventSource "enables fast app tracing to the Windows Event Log, including in production".

    0 讨论(0)
  • 2021-02-05 05:35

    The "Semantic Logging Application Block" has examples of EventListener-derived classes, one of which records in the event log. It is described a bit on Vance's blog.

    0 讨论(0)
  • 2021-02-05 05:38

    MSDN really doesn't explain it well. I hope Stackoverflow will let me to add link to Pluralsight lecture that explains all EventSource topics ideally with usage best practices https://app.pluralsight.com/library/courses/event-tracing-windows-etw-dotnet/table-of-contents

    0 讨论(0)
  • 2021-02-05 05:39

    There is a small introduction tutorial:

    http://blogs.msdn.com/b/vancem/archive/2012/08/13/windows-high-speed-logging-etw-in-c-net-using-system-diagnostics-tracing-eventsource.aspx

    http://blogs.msdn.com/b/vancem/archive/2012/07/09/logging-your-own-etw-events-in-c-system-diagnostics-tracing-eventsource.aspx

    I haven't tried them because I'm currently working with .NET 4 but maybe these links help you...

    0 讨论(0)
提交回复
热议问题