Windows - see active ETW sessions so that I can close one of them
I am working with Event Tracing for Windows API, and from time to time, I run my application and it does not manage to close the ETW trace controller session after opening it.<
-
You can use the command
logman query -etsto see a list of currently running Trace Event Sessions. For example, on Windows 10, you will see something like this:C:\>logman query -ets Data Collector Set Type Status ------------------------------------------------------------------------------- AppModel Trace Running FaceRecoTel Trace Running FaceUnlock Trace Running LwtNetLog Trace Running Microsoft Security Client WMI Providers Trace Running NtfsLog Trace Running TileStore Trace Running WiFiSession Trace Running SCM Trace Running UserNotPresentTraceSession Trace Running CldFltLog Trace Running SHS-05042018-095434-7-5f Trace Running WDSC-05042018-095434-7-20 Trace Running Diagtrack-Listener Trace Running 8696EAC4-1288-4288-A4EE-49EE431B0AD9 Trace Running Cloud Files Diagnostic Event Listener Trace Running The command completed successfully.If you have created you own session, for example by using Microsoft.Diagnostics.Tracing.Session.TraceEventSession, you will have given the session a unique name, and if it is running, you should see it in the list.
To kill an existing session, do this, as an administrator:
logman stop <SessionName> -etsThere are also some PowerShell Cmdlets, that can do similar things.
讨论(0) -
The QueryAllTraces function retrieves the properties and statistics for all event tracing sessions started on the computer for which the caller has permissions to query.
May I suggest to post the second part of your question as a seperate question?
讨论(0) -
The
tracelogcommand line utility that comes along the Windows SDK allows you to do the same thing asQueryAllTraceswith thetracelog -lcommand.讨论(0)
加载中...
- 热议问题