Event ID 35 — Winsock Tracing
Applies To: Windows Server 2008
Winsock does not log events unless Event Tracing for Windows (ETW) is enabled for Microsoft-Windows-Winsock-AFD, which is disabled by default. After ETW is enabled, an event is logged whenever a Winsock-based application uses one of the core Winsock operations, such as creating a socket.
To verify that tracing for Winsock is enabled:
- To start tracing, at the command prompt, type logman start winsocktrace -p Microsoft-Windows-Winsock-AFD –o winsocktrace.etl –ets.
- To stop tracing, type logman stop winsocktrace -ets.
- To view the report in XML format, type tracerpt winsocktrace.etl -y -o winsocktracelog.xml -of xml.
Note: Alternatively, tracing can be enabled or disabled by using Event Viewer.
Event Details
Product: | Windows Operating System |
ID: | 35 |
Source: | Microsoft-Windows-Winsock-WS2HELP |
Version: | 6.0 |
Symbolic Name: | AFD_EVENT_CONNECT_IND_V4 |
Message: | Connection indicated: %1 %2 %3 %4 |
Resolve
This is a normal condition. No further action is required.