Tuesday, August 31, 2010

Event Tracing for Windows

Tip - A new, high-performance mechanism for event logging.

Details - ETW is a general-purpose, high-speed tracing facility provided by the operating system (Windows Vista, Windows 7, Windows Server 2008, etc.). Using a buffering and logging mechanism implemented in the kernel, ETW provides a tracing mechanism for events raised by both user-mode applications and kernel-mode device drivers.
Additionally, ETW gives you the ability to enable and disable logging dynamically, making it easy to perform detailed tracing in production environments without requiring reboots or application restarts. The logging mechanism uses per-processor buffers that are written to disk by an asynchronous writer thread. This allows large-scale server applications to write events with minimal disturbance.

ETW was first introduced on Windows 2000. Since then, various core OS and server components have adopted ETW to instrument their activities, and it's now one of the key instrumentation technologies on Windows platforms. A growing number of third-party applications are using ETW for instrumentation as well, and some take advantage of the events provided by Windows itself.
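The dynamic enabling and buffered logging described above can be seen with the built-in `logman` tool. This is an added example, not part of the original post; the session name, output path, buffer settings and the two providers are assumptions chosen for illustration.

```powershell
# Run from an elevated PowerShell prompt.
# Session name and output file are arbitrary values chosen for this example.
$session = 'DemoEtwSession'
$etl     = Join-Path $env:TEMP 'demo-etw.etl'

# 1. Start a trace session with one provider enabled.
#    -bs  buffer size in KB
#    -nb  minimum and maximum number of buffers
#    -ets send the command straight to the live Event Trace Session
logman start $session -p 'Microsoft-Windows-Kernel-Process' -bs 64 -nb 16 64 -o $etl -ets

# 2. Enable a second provider while the session is already running.
#    Nothing is restarted: the session and the traced processes keep going.
logman update $session -p 'Microsoft-Windows-DNS-Client' -ets

# 3. Show the live session: enabled providers, buffer size, log file.
logman query $session -ets

# 4. Generate a little activity for both providers to record.
Start-Process -FilePath "$env:SystemRoot\System32\whoami.exe" -Wait -NoNewWindow
Resolve-DnsName -Name 'example.com' -ErrorAction SilentlyContinue | Out-Null

# 5. Stop the session; the remaining buffers are flushed to the .etl file.
logman stop $session -ets

# 6. Read the trace back and count events per provider and event ID.
#    .etl files must be read oldest-first, hence -Oldest.
Get-WinEvent -Path $etl -Oldest |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 10
```

For monitoring purposes, the output of step 3 is also the quickest way to confirm which providers a session is actually collecting from at a given moment.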

Reference -  
