ETW events

  • Question

  • Hello,

    I've written an application that listens to ETW events for network. When I compare my output for UDP network events, it's a complete mismatch with Message Analyzer. Why is that?

    I'm using 

    session.Source.Kernel.UdpIpRecvIPV6

    session.Source.Kernel.UdpIpSend

    session.Source.Kernel.UdpIpRecv

    session.Source.Kernel.UdpIpSendIPV6

    session.Source.Kernel.UdpIpFail

    If I don't want to miss any events, especially in network, what should I do?

    Thanks,

    Rajat Kinkhabwala


    Thursday, March 29, 2018 6:23 PM

All replies

  • Hi Rajat Kinkhabwala,

    Thank you for posting here.

    For your question, what is your Message Analyzer? If it is Microsoft Message Analyzer, how do you add the ETW provider to it?

    Please refer to the MSDN document about adding an ETW provider to Message Analyzer.

    https://docs.microsoft.com/en-us/message-analyzer/adding-a-system-etw-provider

    Best Regards,

    Wendy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, March 30, 2018 8:32 AM
    Moderator
  • Hello Wendy,

    Thanks for your reply. We are using Microsoft Message Analyzer. We are adding Localhost and listening to all UDP events. We are doing the same as this post suggests. But the ETW event result still does not match the Message Analyzer events for the UDP protocol. What can we do to get the same result?

    Thanks,

    Rajat 

    Friday, March 30, 2018 2:57 PM
  • Hi Rajat Kinkhabwala,

    Thank you for your feedback.

    >>But still ETW event result is not matching to Message analyzer events for UDP protocol.

    According to your description, what does the "not matching" mean?

    Do you have a manifest for that provider? Please check your manifest.

    Here is the MSDN article about the manifest of provider for your reference.

    https://docs.microsoft.com/en-us/message-analyzer/understanding-event-parsing-with-a-provider-manifest

    Best Regards,

    Wendy



    Friday, April 6, 2018 1:26 AM
    Moderator