-
Notifications
You must be signed in to change notification settings - Fork 20
About ETW
Muhammad Dehghan edited this page Sep 7, 2013
·
2 revisions
Event Tracing for Windows (ETW) is a kernel-level API that allows for high-performance data collection and tracing in Windows. It allows you to start and stop event tracing at a granular level, log to a very efficient buffering system, and consume events across the system.
The documentation for ETW is here: Event Tracing (Windows)
Some of the benefits of ETW:
- Tracing is combined with capturing performance metrics. You can see how your code affects and is affected by system resources.
- It's built into Windows, so user-mode data can be correlated with system-level data.
- Logs can be sent to files, realtime streams, or other programmatic listeners.
- Stack traces can be captured per-event.
- ETW streams contain metadata manifests that describe the data in the stream. Streams contain enough information to understand the semantics of each event.
Unfortunately, ETW is a C-language API in Windows. Until .NET 4.5, it was pretty difficult to generate the manifest data for your code. Now there is the EventSource class that makes it a little easier. See About .NET EventSource.