The Start-SbecNtKernelLogSession cmdlet starts a real-time NT Kernel Logger trace session with forwarding of the events to the Collector.
The name of the session is fixed as NT Kernel Logger and the GUID is fixed as {9e814aad-3204-11d2-9a82-006008a86939}.
Parameters
-BufferSize
Specifies the buffer size for the session, in kilobytes.
This is the size of one buffer, with the count of these buffers set by the MinimumBufferCount and MaximumBufferCount parameters.
Parameter properties
Type:
UInt32
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
1
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ClockType
Specifies the type of clock used for the events collected by this session: The acceptable values for this parameter are:
Default.
QueryPerformanceCounter.
The high-resolution (period of 100 nanoseconds) clock that is typically used for performance measurement.
SystemTime.
The lower-resolution system time similar to FILETIME (period of 10 milliseconds).
This value is most typical for the data collection through SBEC.
CpuCycleCounter.
The highest-resolution, with the frequency of the CPU, but may be unreliable depending on the CPU model and the thermal and power modes.
Specifies the timeout in seconds for the session buffers to get automatically flushed.
You can disable the flushing of buffers on timeout by setting this parameter to 0, then the buffers will be written only when full or on an explicit flush.
Parameter properties
Type:
UInt32
Default value:
None
Supports wildcards:
False
DontShow:
False
Aliases:
FlushTimer
Parameter sets
(All)
Position:
4
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-KernelEnableFlags
Specifies flags for the NT Kernel Logger that enable the kernel events.
For the setup and boot monitoring, the only reasonable flag is Process.
This enumeration type is defined in $PsHome\Modules\BootEventCollector\SbecTraceHelpers.psm1.
The acceptable values for this parameter are:
Specifies the maximum number of buffers to allocate for this session.
Parameter properties
Type:
UInt32
Default value:
None
Supports wildcards:
False
DontShow:
False
Aliases:
MaximumBuffers, maxbuf
Parameter sets
(All)
Position:
3
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-MinimumBufferCount
Specifies the minimum number of buffers to allocate for this session.
Parameter properties
Type:
UInt32
Default value:
None
Supports wildcards:
False
DontShow:
False
Aliases:
MinimumBuffers, minbuf
Parameter sets
(All)
Position:
2
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-PassThru
Returns an object representing the item with which you are working.
By default, this cmdlet does not generate any output.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.
Inputs
None.
Outputs
SbecEtwTrace.TraceSessionInfo
The SbecEtwTrace.TraceSessionInfo class is defined in $PsHome\Modules\BootEventCollector\SbecTraceHelpers.psm1.