Skip to main content

.NET Programming: Jumpstart ETW (Event Tracking for Windows)

Image
To get started with ETW I highly recommend this pluralsight course by Kathleen Dollard. It gives you a really good introduction, including background and some examples. It will be much harder to succeed just by googling or reading books.

I will not spoil anything from this course. Here I will just give a few more hints and annotations to show where I struggled with ETW, to help you not doing the same mistakes. After finishing the pluralsight course I was really eager to get going with my own implementation but I ran into some annoying trapped doors.

Nuget package for EventSource

The current nuget package for EventSource (Vers. 1.0.16) will create the manifest file automatically (it validates your implementation upfront, only when validation succeeds manifest file will be created. Otherwise there will be no updated or no new manifest file in your bin folder!). Therefore there is no need to create it by hand.

wevtutil.exe

Running wevtutil.exe without parameters to see its help, produces this output on my console:


But all necessary commands are working. I am still investigating into this issue. But it will not effect the needed functionality, all operations worked fine for me.

In the beginning I had some trouble with wevtutil.exe
  • Making spelling mistakes
  • Specifying dll file instead of man file
  • And wrong paths (copy paste issues)
Doing these mistakes will lead into error messages like this:


Seeing these error messages for the first time confused me:

`At column=0, The system cannot locate the resource specified. Failed to load xml document`

The message made me thinking about something was wrong in my implementation in my manifest file. Maybe wrong or missing resources for translation, something in this direction. But its just talking about the parameters for wevtutil and indicates you are specifing a file that is not existing (as already described above spelling mistake in one of the paths or specified dll instead of man file and so on).

EventSource names

I had some issues specifing a “valid” EventSource name. I specified a name like this “MyCompany-MyApplication-MyEvents”. I was wondering why the regarding nested folder was not created. I could just see this entry far in the bottom in the Event Viewer:


But when I tried to open the regarding log I received this message:


The solution was really simple. There was already an existing Eventlog with the name “MyCompany” created by another application:


In this case you cannot create a nested folder with the same name. Makes sense, but a better error message would be helpful.

Maintenance for builds and installed manifests

  • Renaming and building EventSources will create new dll and man files in your build folder but it will not remove the old files. I always delete the content of my build folder when I do changes to keep the overview.
  • You need to keep your custom event sources (dll files) in installation folder (when you remove it, your views in Event Viewer will look strange), you better create a suitable folder for it. Keep man files there too, to be able to uninstall the events (I could not find a way to remove my custom events without man files).

Last but not least

Finally you should definitely checkout this nuget package with more EventSource examples.
Labels:
by

Popular posts from this blog

Clean up AppFabric Dashboard Part 2: Duplicate collection entry in Web.config

by
In Part one I have already described how to remove phantom apps here on more supplement. These phantom apps could also remain in the AppFabric Monitoring db: Just delete no longer needed entries in this table. Duplicate collection entry When you receive this kind of issue, like "[...] Cannot add duplicate collection entry [...]" you have defined the a configuration section twice in two different Web.config files in different places in your file system. Clear One easy solution is to use a clear statement . Searching for the inherited element There is a post in Microsoft's documentation which is explaining how to do it. Visual Studio in debug mode When you are working with Visual Studio in debug mode, which means you are just pressing F5 to run it on your local IIS instead of publishing it to a web server, you should keep in mind that e.g. your obj folder might contain more copies of your Web.config file. This could lead into this duplicate collectio...
Read more

Two annoying issues in Visual Studio regarding XSDs and WCF should be fixed immediately

by
In my daily work I am always stumbling on two annoying features in Visual Studio, and I think it could be improved easily. Here is what I am complaining about. WCF Test Client WCF Test Client might be a nice tiny tool for small WCF tests, especially when you are testing smaller scenarios or when you are starting to learn how to implement web services with .NET. But it can be very annoying when you are working on more advanced stuff and your are testing with your local IIS. WCF Test Client always(!) starts automatically when you press F5 for debugging and your opened .svc.cs file has the focus: When I have configured local IIS is the target for debugging, then I expect my application will start with local IIS and not with WCF Test Client. Always. Here is my first urgent request: Please give me an option to disable WCF Test Client completely! Update 03.03.2014: Workaround for WCF Test Client Issue Select project file -> Right click -> Properties -> Web -> Sele...
Read more

How to move iTunes library to NAS folder

by
This is nothing new, but to free up some space on my MacBook I decided to move my iTunes library to a network drive on my NAS. I got some inspiration from this old German video. I tried to collect all relevant information for doing so. I did it by following this steps  I closed iTunes I mounted a network drive with AFP I copied my iTunes library folder to a folder on the network drive (it is important to keep the folder name "iTunes"!) I opened iTunes while pressing the "alt" key. Now you can create a library or choose one from another location I set the new iTunes folder I deleted the local iTunes library My iTunes settings look like this now, iTunes took over the selected folder: Keep in mind the following You cannot open the iTunes library with two accounts at the same time. When you choose to set "Keep iTunes Media folder organized" iTunes will set your folder structure for artists an albums and also the file pattern for your s...
Read more