Event Tracing

Makale
07.01.2021

Purpose

Event Tracing for Windows (ETW) provides application programmers the ability to start and stop event tracing sessions, instrument an application to provide trace events, and consume trace events. Trace events contain an event header and provider-defined data that describes the current state of an application or operation. You can use the events to debug an application and perform capacity and performance analysis.

This documentation is for user-mode applications that want to use ETW. For information about instrumenting device drivers that run in kernel mode, see WPP Software Tracing and Adding Event Tracing to Kernel-Mode Drivers in the Windows Driver Kit (WDK).

Where applicable

Use ETW when you want to instrument your application, log user or kernel events to a log file, and consume events from a log file or in real time.

Developer audience

ETW is designed for C and C++ developers who write user-mode applications.

Run-time requirements

ETW is included in Microsoft Windows 2000 and later. For information about which operating systems are required to use a particular function, see the Requirements section of the documentation for the function.

Process ETW traces in .NET code

You can use the .NET TraceProcessing API to analyze ETW traces for your applications and other software components. This API is used internally at Microsoft to analyze ETW data produced the Windows engineering system, and it is also used to power several tables in Windows Performance Analyzer. This API is available as a NuGet package.

For more information, see this article.

In this section

Topic	Description
What's New in Event Tracing	New features that were added to Event Tracing in each release.
About Event Tracing	General information about Event Tracing.
Using Event Tracing	Task-related topics that describe how to use the ETW API.
Event Tracing Reference	Detailed descriptions of ETW functions and other programming elements.

Ek kaynaklar

Belgeler

About Event Tracing - Win32 apps

Event Tracing for Windows (ETW) is an efficient kernel-level tracing facility that lets you log kernel or application-defined events to a log file.
Instrumenting Your Code with ETW

How to configure your app for event tracing
Consuming Events (Event Tracing) - Win32 apps

Event trace consumers can process events from one or more providers.
Using Event Tracing - Win32 apps

The following topics describe how to use the ETW API for event tracing.
Configuring and Starting an Event Tracing Session - Win32 apps

To configure an event tracing session, use the EVENT\_TRACE\_PROPERTIES structure to specify the properties of the session.
Controlling Event Tracing Sessions - Win32 apps

Event tracing sessions record events from one or more providers.
What is .NET TraceProcessing - .NET TraceProcessing - Windows apps

In this overview, learn what .NET TraceProcessing is.
Event Tracing Sessions - Win32 apps

Event tracing sessions record events from one or more providers that a controller enables.

Eğitim

Modül

Windows Server olay günlüklerini yönetme ve izleme - Training

Olay Görüntüleyicisi gerçekleşen olayları gözlemlemeniz için nasıl kullanışlı ve erişilebilir bir konum sağladığını öğrenin. Olay bilgilerine hızlı ve rahat bir şekilde erişin. Olay günlüğündeki verileri yorumlamayı öğrenin.

Aracılığıyla paylaş