Event Tracing for Windows (ETW)
1. Create and write the manifest (manifest.xml).
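<instrumentationManifest xmlns="http://schemas.microsoft.com/win/2004/08/events">
  <!-- Root element restored: the listing closed </instrumentationManifest> without
       ever opening it, so the document was not well-formed. -->
  <instrumentation xmlns:xs="http://www.w3.org/2001/XMLSchema"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events">
    <events xmlns="http://schemas.microsoft.com/win/2004/08/events">
      <!-- Publisher info.
           resourceFileName and messageFileName are absolute paths that get recorded
           when the manifest is installed. Here they point at a Debug build output
           directory. Event consumers read the message resources from that file, so
           outside a local experiment reference a binary in a directory that only
           administrators can write, and keep the path in sync with where the
           provider is actually deployed. -->
      <provider name="DotNetPerformance-TechalWriting-EventLogSample"
                guid="{9CDE86C9-DFB9-463f-B2C5-71EEC232A69C}"
                symbol="DOTNETPERFORMANCE_TECHNICALWRITING_PUBLISHER"
                resourceFileName="C:\adams\etw\Debug\EventLogging.exe"
                messageFileName="C:\adams\etw\Debug\EventLogging.exe">
        <!-- Channels to which this publisher can publish.
             Both channels are enabled as soon as the manifest is installed.
             NOTE(review): no explicit access descriptor is declared, so read access
             follows the default for isolation="Application"; confirm that default
             is acceptable for what the provider logs. -->
        <channels>
          <channel chid="MyOpChannel"
                   name="DotNetPerformance-TechalWriting-EventLogSample/Operational"
                   type="Operational"
                   symbol="DOTNETPERFORMANCEOP"
                   isolation="Application" enabled="true"/>
          <channel chid="MyDebugChannel"
                   name="DotNetPerformance-TechalWriting-EventLogSample/Debug"
                   type="Debug"
                   symbol="DOTNETPERFORMANCEDEBUG"
                   isolation="Application" enabled="true"/>
        </channels>
        <!-- Event templates.
             The only payload field is one free-form Unicode string, rendered
             verbatim through %1. Whatever the provider passes ends up in the log:
             keep secrets out of it, and treat the text as untrusted when a
             downstream tool parses it. -->
        <templates>
          <!-- Fixed: the original start tag ended in ">>", which left a stray ">"
               text node inside the template element. -->
          <template tid="SimpleEvent" message="$(string.SimpleMessage)">
            <data name="Message" inType="win:UnicodeString"/>
            <UserData>
              <SimpleEvent xmlns="http://manifests.microsoft.com/win/2004/08/windows/simpleevent">
                <ExceptionMessage>%1</ExceptionMessage>
              </SimpleEvent>
            </UserData>
          </template>
        </templates>
        <!-- Event 1 goes to the Operational channel, event 2 to the Debug channel;
             both share the SimpleEvent template and the SimpleMessage string. -->
        <events>
          <event value="1"
                 level="win:Informational"
                 template="SimpleEvent"
                 opcode="win:Info"
                 channel="MyOpChannel"
                 symbol="DNP_OP_EVENT"
                 message="$(string.SimpleMessage)"/>
          <event value="2"
                 level="win:Informational"
                 template="SimpleEvent"
                 opcode="win:Info"
                 channel="MyDebugChannel"
                 symbol="DNP_DEBUG_EVENT"
                 message="$(string.SimpleMessage)"/>
        </events>
      </provider>
    </events>
  </instrumentation>
  <!-- Localized strings referenced above as $(string.<id>). -->
  <localization>
    <resources culture="en-US">
      <stringTable>
        <string id="SimpleMessage" value="%1" stringType="string"/>
      </stringTable>
    </resources>
  </localization>
</instrumentationManifest>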
2. Compile the manifest with the message compiler:
mc.exe manifest.xml
This generates manifest.h, manifest.rc and manifestTEMP.BIN.
3. Build your provider project. The provider uses these three calls, in order:
EventRegister
EventWrite
EventUnregister
//
#include "stdafx.h"
#include <windows.h>
#include <evntprov.h> // ETW Publishing header
#include <winevt.h> // EventLog Header.
#include "Manifest\manifest.h"
#include <fstream>
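/*
 * Sample ETW provider.
 *
 * Registers the provider generated from the manifest, writes one event to the
 * Operational channel and one to the Debug channel, then unregisters.
 *
 * Returns 0 when every step succeeded and 1 when registration or either write
 * failed, so a calling script can tell that nothing was logged.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    int exitCode = 0;

    // Step 1: register the provider. Without a valid handle every later
    // EventWrite would fail, so stop here instead of carrying on with hPub == 0.
    REGHANDLE hPub = 0;
    ULONG res = EventRegister(&DOTNETPERFORMANCE_TECHNICALWRITING_PUBLISHER, NULL, NULL, &hPub);
    if (ERROR_SUCCESS != res) {
        _tprintf(_T("Could not register event\n"));
        return 1;
    }
    _tprintf(_T("Event registered successfully\n"));

    // Step 2: operational event. The payload is a string literal, hence the
    // const pointer type. The size passed to EventDataDescCreate is in bytes and
    // includes the terminating NUL, as win:UnicodeString in the manifest expects.
    // NOTE(review): with caller-supplied text, bound the length before the ULONG
    // cast and keep sensitive data out of the payload; it is logged verbatim.
    EVENT_DATA_DESCRIPTOR opEventDesc;
    PCWSTR pwsOp = L"My Operational Event";
    EventDataDescCreate(&opEventDesc, pwsOp, ((ULONG)wcslen(pwsOp) + 1) * sizeof(WCHAR));
    res = EventWrite(hPub, &DNP_OP_EVENT, 1, &opEventDesc);
    if (ERROR_SUCCESS != res) {
        // res is a ULONG (unsigned long), so %lu is the matching conversion.
        _tprintf(_T("Could not raise operational event Error = %lu\n"), res);
        exitCode = 1;
    }
    else {
        _tprintf(_T("Operational event successfully raised\n"));
    }

    // Step 3: debug event, same payload layout on the Debug channel.
    EVENT_DATA_DESCRIPTOR debugEventDesc;
    PCWSTR pwsDebug = L"My Debug Event";
    EventDataDescCreate(&debugEventDesc, pwsDebug, ((ULONG)wcslen(pwsDebug) + 1) * sizeof(WCHAR));
    res = EventWrite(hPub, &DNP_DEBUG_EVENT, 1, &debugEventDesc);
    if (ERROR_SUCCESS != res) {
        _tprintf(_T("Could not raise debug event. Error = %lu\n"), res);
        exitCode = 1;
    }
    else {
        _tprintf(_T("Debug event successfully raised\n"));
    }

    //while(true)Sleep(1000);

    // Step 4: always release the registration obtained above.
    EventUnregister(hPub);
    return exitCode;
}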
4. Install the manifest (run from an elevated command prompt):
wevtutil im manifest.xml
If you get this warning:
**** Warning: Publisher <provider name> resources are not accessible.
check the following:
1) that manifest.xml has been compiled
2) the provider application path in the XML file (resourceFileName / messageFileName)
3) the path of the winmeta.xml file (you can copy this file into the folder that holds manifest.xml)
5. Check logs
/*
6. Create a user-defined data collector set:
Performance Monitor -> Data Collector Sets -> User Defined -> New -> Data Collector Set
Create manually (Advanced) -> Create data logs -> Event trace data -> Add provider (choose the provider you installed)
You can also create user-defined data collector sets from the command line.
7. Collect data:
Start and stop the data collector.
*/