Event Tracking for Windows (ETW) and logging to event viewer log

  • Question

  • Hi,

    I need to log my processes (messages, errors, warnings...) to the Event Viewer log. Can it be done by ETW?

    If not, what is the best tool (Enterprise Library, log4net...) to do it?


    Thursday, July 8, 2010 9:08 AM


All replies

  • Thursday, July 8, 2010 10:13 AM
  • Hi,

    Event Tracking for Windows (ETW) outperforms log4net and Enterprise Library. See Best Practices for High Performance BizTalk solutions and How to Support Component-Level Instrumentation Using BizTalk CAT Instrumentation Framework. You can review Richard's post on BizTalk Application Tracing using log4net or Vijay Modi's post (Enterprise Library). I suggest reviewing the links and determining what solution best fits your needs.



    Steef-Jan Wiggers
    MCTS BizTalk Server
    If this answers your question please mark it accordingly


    Thursday, July 8, 2010 4:11 PM
  • After checking all suggested articles and more, I'm starting to see that you always have to stop the listener in order to read traces.

    Am I right about that? If so, how is it possible to write to the event log using ETW, knowing the whole point of which is on-the-fly logging?

    Wednesday, July 14, 2010 11:19 AM
  • You don't have to stop the active ETW tracing session to be able to read the traces. There is an option to view the traced events in real time. Here are some basic steps to enable this mode:

    1. Make sure that ETW tracing session is marked as "Real Time" (or "File and Real Time"):

    • Start the ETW trace (using StartTrace.cmd from the BizTalk CAT instrumentation package)
    • Open the Reliability and Performance Monitor tool
    • Expand Data Collector Sets and click on Event Trace Sessions
    • Locate an entry matching your trace log name (specified when executing StartTrace.cmd)
    • Right-click and select Properties
    • Navigate to the Trace Session tab
    • Under Stream Mode, select "Real Time" (if you don't care about capturing traces in a file) or "File and Real Time" (if you require persistence)
    • Click OK on the dialog box

    2. Run the TraceFmt tool in real time mode to view the events being traced:

    • From the command line, run tracefmt.exe -rt YourTraceLogName -displayonly (note YourTraceLogName needs to reflect the actual trace log name from the above steps)

    A few points are worth mentioning here:

    • When -display or -displayonly parameters are specified, the Tracefmt tool will be writing events directly into the console window which may not always be usable - long lines will break up and make it difficult to analyze the data.
    • There is a parameter -ods that tells Tracefmt to write the formatted traces using the Win32 debug API's function OutputDebugString. You can then run the DebugView utility (or other similar tools) to capture and display traces. As it was noted in our guidance, DebugView is likely to consume lots of CPU when capturing a large volume of events, so please use it with caution.

     Hope this helps.

    Thursday, July 15, 2010 4:40 AM
  • Hi,


    My OS is Windows 2003, not Windows 2008



    Thursday, July 15, 2010 6:08 AM
  • Check out this diagnostics library on Codeplex. It uses the same pattern as the Enterprise Library, i.e. System.Diagnostics, so it is not even close to ETW for performance.
    It supports trace file, event log and WMI events. It also allows tracing an entire XLANG message, including context and content. Trace output can be viewed using ServiceTraceViewer.


    Thursday, July 15, 2010 9:21 AM
  • On Windows 2003, the instructions will differ. They will become even simpler.

    1. Modify StartTrace.cmd and add the -rt command line parameter in the following line:

    "%TraceLogTool%" -cir 1000 -start %TraceLogName% -flags %TraceLevel% -f %TraceLogFileName% -guid #%TraceComponentGUID% -b 128 -max 100


    "%TraceLogTool%" -cir 1000 -start %TraceLogName% -flags %TraceLevel% -f %TraceLogFileName% -guid #%TraceComponentGUID% -b 128 -max 100 -rt 

    2. Start the ETW trace using the above script

    3. Run the TraceFmt tool in real time mode to view the events being traced (as previously described)

    Thursday, July 15, 2010 2:25 PM
  • Valery,

    Thanks a lot for your help, it does work.

    Although I also asked about writing directly to the Windows Event Log.

    Is there a pattern for this kind of scenario?

    Sunday, July 18, 2010 10:28 AM
  • Anyone?

    Please help!!!

    Sunday, July 25, 2010 12:53 PM
  • Apologies for the delayed response.

    Regarding event logging into Windows Event Log, there are several options available: 

    You will be able to find many samples on the Web.

    Thursday, July 29, 2010 3:39 PM
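
One way to write messages, warnings and errors directly to the Windows Event Log from .NET, as an added example that is not part of the original thread or of the BizTalk CAT instrumentation package. It uses System.Diagnostics.EventLog; the source name, event IDs and sample messages are hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.Security;

// Added illustration: the source name, event IDs and messages are hypothetical.
public static class EventLogWriter
{
    private const string LogName = "Application";
    private const string Source = "MyBizTalkComponent"; // hypothetical source name

    // EventLog.WriteEntry rejects messages longer than 31,839 bytes.
    // 15,000 UTF-16 characters stays safely below that limit.
    private const int MaxMessageChars = 15000;

    // Run once from an installer or an elevated prompt: registering an
    // event source writes to the registry and needs administrative rights.
    public static void RegisterSource()
    {
        if (!EventLog.SourceExists(Source))
        {
            EventLog.CreateEventSource(Source, LogName);
        }
    }

    public static void Write(string message, EventLogEntryType type, int eventId)
    {
        if (message == null) message = string.Empty;
        if (message.Length > MaxMessageChars)
        {
            message = message.Substring(0, MaxMessageChars) + " [truncated]";
        }
        try
        {
            EventLog.WriteEntry(Source, message, type, eventId);
        }
        catch (SecurityException)
        {
            // The source is not registered and this account cannot create it.
            // Fall back to stderr instead of crashing the host process.
            Console.Error.WriteLine(type + " " + eventId + ": " + message);
        }
    }

    public static void Main()
    {
        Write("Orchestration started", EventLogEntryType.Information, 1000);
        Write("Retrying send port", EventLogEntryType.Warning, 2000);
        Write("Message suspended", EventLogEntryType.Error, 3000);
    }
}
```

Registering the source at install time lets the service account that runs the process write entries without administrative rights.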