ETW/事件源跟踪到文件(转储) [英] ETW/Eventsource tracing to file (dump)

问题描述

我使用ETW在我的应用程序中进行跟踪.因此，我创建了一个自定义EventSource和EventListener.

I use ETW to do tracing in my application. So I create a custom EventSource and EventListener.

现在，我想从客户端使用此跟踪.例如，当我的应用程序遇到未处理的异常时，我希望我的应用程序将跟踪日志转储到文件中，这样我就可以知道远程发生了什么(因此我想进行跟踪转储).

Now I want to use this tracing from a client side. For example, I want my app to dump the tracing log to a file when the app get an unhandled exception, so i will be able to know what happened remotely (so i want a trace dump).

问题1:ETW是为此(转储)设计的还是仅仅是跟踪工具，我必须实现另一个独特的解决方案?

Question 1 : Is ETW design for this (dump) or is it just a tracing tool and I have to implement another distinct solution ?

问题2 :(如果问题1 => ETW可以做这样的事情)我该如何实现?

Question 2 : (If Question 1 => ETW can do such things) How can i achieve this ?

这是用于Windows 10通用应用程序.

EDIT : This is for Windows 10 Universal App.

推荐答案

您不能在UWP中使用语义日志记录，因为它与UWP的.NET不兼容.

You can’t use the Semantic Logging in UWP because it is not compatible with .NET for UWP.

问题1:为此(转储)设计ETW还是只是跟踪? 工具，我必须实现另一个独特的解决方案?

Question 1 : Is ETW design for this (dump) or is it just a tracing tool and I have to implement another distinct solution ?

Windows的事件跟踪(ETW)，顾名思义，它用于事件跟踪.您可以在事件查看器中检查事件详细信息. 转储文件是进行转储时应用程序的快照.它显示了正在执行的进程以及已加载的模块.它不限于事件跟踪.例如，内核内存转储包含崩溃时内核正在使用的所有内存. 摘要:ETW不是为转储而设计的.

Event Tracing for Windows (ETW), as its name suggests, it is used for event tracking. You can check the event detail in the Event Viewer. A dump file is a snapshot of an app at the point in time the dump is taken. It shows what process was executing and what modules were loaded. It is not limited to the event tracing. For example, a Kernel Memory Dump contains all the memory in use by the kernel at the time of the crash. Summary: ETW is not designed for dump.

问题2 :(如果问题1 => ETW可以这样做) 实现这一目标?

Question 2 : (If Question 1 => ETW can do such things) How can i achieve this ?

如果要将所有未处理的异常记录在文件中，则可以使用ETW执行此操作. 有一个示例显示了如何使用ETW(Windows的事件跟踪)名称空间将应用程序事件写入应用程序本地存储中的存储文件.尽管它适用于Windows Store Apps，但仍可以在UWP项目中使用源代码(复制MetroEventSource.cs和StorageFileEventListener).如果要将日志消息发送到远程客户端，则需要实现一个事件侦听器，例如UDPEventListener，将消息发送到远程客户端.

If you want to log all of the unhandled exceptions in a file, you can use the ETW to do this. There is a sample shows how to use the ETW (Event Tracing for Windows) namespaces to write application events to a storage file on the application local storage. Although it is for Windows Store Apps, you can still use the source code in UWP project (copy the MetroEventSource.cs and StorageFileEventListener). If you want to send the log message to remote client, you need to implement a event listener like UDPEventListener sending the message to a remote client.

Windows Store应用程序的记录示例(在WinRT中记录ETW)

这篇关于ETW/事件源跟踪到文件(转储)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！