How to use symbol server when parse ETL with tracefmt RRS feed

  • Question

  • Hi, there. I am a software engineer which always using ETL logs to analyze driver or system issues.
    Here I met an issue when using MSFT public symbol server and maybe you can give a guidance on it. Thanks.

    Here is my problem:
    We need analyze logs captured by logman. When the log GUID only contain my own driver, that is ok when I use below command to parse it into text. Here the %1 means the ETL and the TMF stores all the information parse from our driver’s PDB file.
    tracefmt.exe %1 -p .\TMF -seq -nosummary -hires -o %~n1.txt –v
    But sometimes when I want to capture log with both my own driver’s GUID and MSFT WPP provider’s GUID (like Microsoft_Windows_Kernel_Acpi) together. The parse command don’t work for MSFT part. I tried to modify the command to below. But it still CANNOT fetch symbol from your symbol server. The %_NT_SYMBOL_PATH I set to “srv*D:\Symbols_cache*” which following you MSDN guide.
    tracefmt.exe %1 -r %_NT_SYMBOL_PATH% -p .\TMF -seq -nosummary -hires -o %~n1.txt –v
    Do you know the reason? And how to make it work?

    I found 2 workaround for it (to use Traceview with GUI or Message Analyzer). Both UI tools can handel logs with my own driver and MSFT's. But when the ETL log become extra-large (over 1G bytes or even bigger), these two UI tools cannot handle.  Anyway, the two GUI tools confirm the symbol server I set is correct.

    Thursday, December 20, 2018 2:53 AM