Start-EtwTraceSession
Starts an ETW session with the specified name and settings.
Syntax
Default (Default)
Start-EtwTraceSession
[-Name] <String>
[-LogFileMode <UInt32>]
[-LocalFilePath <String>]
[-MaximumFileSize <UInt32>]
[-BufferSize <UInt32>]
[-MinimumBuffers <UInt32>]
[-MaximumBuffers <UInt32>]
[-FlushTimer <UInt32>]
[-ClockType <String>]
[-FileMode <String>]
[-Compress]
[-RealTime]
[-NonPaged]
[-CimSession <CimSession>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Start-EtwTraceSession cmdlet starts an ETW session with the specified name and settings.
Parameters
-BufferSize
Specifies the Event Tracing for Windows (ETW) session buffer size, in kilobytes.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-CimSession
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
Parameter properties
| Type: | CimSession |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ClockType
Specifies the type of timestamp that will be used for each event logged to this ETW session.
This is an advanced session configuration option, and it is not recommended that this parameter be set.
For more information, see the description of the ClientContext field in the topic WNODE_HEADER structure for a description of the different clock types available.
Parameter properties
| Type: | String |
| Default value: | None |
| Accepted values: | Performance, System, Cycle |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Compress
Controls whether ETW should compress the saved buffers as they are filled. Enabling this parameter sets the EVENT_TRACE_COMPRESSED_MODE bit in the LogFileMode parameter.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-FileMode
Specifies how events received by the session should be saved. FileMode provides named values for common logging mode constants, and setting it will affect the value of LogFileMode that is passed to ETW when the session is created.
If you specify this parameter do not specify any file or buffering mode bits in the LogFileMode parameter.
For more information about available modes, see Logging Mode Constants in MSDN.
Parameter properties
| Type: | String |
| Default value: | None |
| Accepted values: | File, Buffering, Sequential, Circular |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-FlushTimer
When set, all active buffers in the session will be flushed at this interval, in seconds.
This is an advanced session configuration option, and it is not recommended that this parameter be set.
If it is not set, the ETW will select an appropriate default based on the LogFileMode.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-LocalFilePath
Specifies the full path to the file the ETW session should write to. For non-buffering mode sessions only.
When creating a new-file file mode session, the file path must contain a %d in the file name.
Do not use this parameter if the session is configured as a buffering mode session. Use Save-EtwTraceSession to save a buffering mode session to disk instead.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-LogFileMode
Specifies the ETW session logging mode. The value is a bitmask of the ETW logging mode constants.
For more information, see Logging Mode Constants in MSDN.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MaximumBuffers
Specifies the maximum number of buffers the ETW session should use.
The ETW session will use a maximum of (BufferSize * MaximumBuffers) kilobytes of memory. Depending on the specified LogFileMode, this may be pageable or non-paged memory.
If the session is losing events because the buffers cannot be flushed quick enough to keep up with the incoming event rate, try increasing this value.
Configuring a session to use too many buffers may affect system performance.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MaximumFileSize
Specifies the maximum file size for the output .etl file to grow to, in megabytes.
The parameter must be set for a circular, new-file, or sequential file mode ETW session.
For circular sessions, once the file reaches this size the oldest buffers will be overwritten by the new buffers.
For new-file sessions, once the file reaches this size a new file will be created and all new events will be written to that file.
For sequential file sessions, once the file reaches this size the session will stop.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-MinimumBuffers
Specifies the minimum number of buffers the ETW session should use.
The ETW session will use a minimum of (BufferSize * MinimumBuffers) kilobytes of memory. Depending on the specified LogFileMode, this may be pageable or non-paged memory.
If the session is losing events because the buffers cannot be flushed quick enough to keep up with the incoming event rate, try increasing this value.
Configuring a session to use too many buffers may affect system performance.
Parameter properties
| Type: | UInt32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Name
Specifies the name of the ETW trace session.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | 0 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-NonPaged
Controls whether ETW should use memory from the non-paged pool for the session buffers. Enabling this parameter clears the EVENT_TRACE_USE_PAGED_MEMORY bit in the LogFileMode parameter.
Using memory from the non-paged pool for the session buffers is only required if any of the events that will be sent to the session are logged from the kernel or a driver at high a dispatch level. This parameter should not be set otherwise.
Allocating too much memory from the non-paged pool can seriously degrade system performance.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-RealTime
Controls whether ETW should allow real-time consumers to connect to the session. Enabling this parameter sets the EVENT_TRACE_REAL_TIME_MODE bit in the LogFileMode parameter.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.