none
The etw trace file generated by tracelog.exe doesn't include embedded manifest RRS feed

  • Question

  • Hi Expert,

    Currently we migrated to tracelog.exe from logman to create etw log session, listen to our service providers to trace down events to disk. The reason why we switch to tracelog.exe is to support independent trace session which is a new feature on the windows server 2012 R2. And tracelog.exe expose an -independent option to set this trace mode while logman doesn't support. But we found issue is the *.etl log files generated by tracelog.exe doesn't include manifest info which is different from logman. Is there a way let tracelog to include manifest?

    The command i use to start trace session is:

    tracelog -start EtwTrace -guid providers.txt -f %traceOutputPath%\%logNamePrefix%_%d.etl -b 64 -independent -newfile 2 -flag 0 -level 255 -ft 1

    And look like only the first several etw files contain the manifest but the later etw files doesn't have.  Currently my setting is to generate a new trace file when existing trace file size reaches 2MB. Is there a way to let every etw file include manifest?
    • Edited by zoyizhang Sunday, November 9, 2014 6:15 AM
    Saturday, November 8, 2014 7:32 AM

Answers

  • If you don't get an answer here, try the WPT forum

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Sunday, November 9, 2014 8:10 PM
    Moderator

All replies