Windows - see active ETW sessions so that I can close one of them

后端 未结 3 809
無奈伤痛
無奈伤痛 2021-02-06 04:48

I am working with Event Tracing for Windows API, and from time to time, I run my application and it does not manage to close the ETW trace controller session after opening it.<

相关标签:
3条回答
  • 2021-02-06 05:10

    You can use the command logman query -ets to see a list of currently running Trace Event Sessions. For example, on Windows 10, you will see something like this:

    C:\>logman query -ets
    
    Data Collector Set                      Type                          Status
    -------------------------------------------------------------------------------
    AppModel                                Trace                         Running
    FaceRecoTel                             Trace                         Running
    FaceUnlock                              Trace                         Running
    LwtNetLog                               Trace                         Running
    Microsoft Security Client WMI Providers Trace                         Running
    NtfsLog                                 Trace                         Running
    TileStore                               Trace                         Running
    WiFiSession                             Trace                         Running
    SCM                                     Trace                         Running
    UserNotPresentTraceSession              Trace                         Running
    CldFltLog                               Trace                         Running
    SHS-05042018-095434-7-5f                Trace                         Running
    WDSC-05042018-095434-7-20               Trace                         Running
    Diagtrack-Listener                      Trace                         Running
    8696EAC4-1288-4288-A4EE-49EE431B0AD9    Trace                         Running
    Cloud Files Diagnostic Event Listener   Trace                         Running
    
    The command completed successfully.
    

    If you have created you own session, for example by using Microsoft.Diagnostics.Tracing.Session.TraceEventSession, you will have given the session a unique name, and if it is running, you should see it in the list.

    To kill an existing session, do this, as an administrator:

    logman stop <SessionName> -ets
    

    There are also some PowerShell Cmdlets, that can do similar things.

    0 讨论(0)
  • 2021-02-06 05:23

    The QueryAllTraces function retrieves the properties and statistics for all event tracing sessions started on the computer for which the caller has permissions to query.

    May I suggest to post the second part of your question as a seperate question?

    0 讨论(0)
  • 2021-02-06 05:31

    The tracelog command line utility that comes along the Windows SDK allows you to do the same thing as QueryAllTraceswith the tracelog -l command.

    0 讨论(0)
提交回复
热议问题