Consuming "Event Tracing for Windows" events


Question

An answer to this question has led me to look into using "Event Tracing for Windows" for our tracing needs. I have come across NTrace, which seems to be a good way to produce ETW events from C# code (using the XP-compatible "classic provider" model).

However, I am unable to find an easy way to consume these events - to see them in real-time and/or log them to a file. The only way I have found is that described in the NTrace documentation: using a tool which is only available as part of the Windows DDK.

In the case of a complex problem in the field, we may need to ask the user to produce a file containing a trace. We can't ask users to download the DDK or carry out a number of complex operations in order to do this.

Is there a straightforward, user-friendly way to log ETW events to a file?

Also, is it possible for someone to consume ETW events on Windows Vista/7 if they are not running as administrator?

Recommended answer

TraceView is the easiest out-of-the-box solution, but it is possible to write your own ETW viewer that is specific to your provider. This would give you full control over the presentation and make it much easier on the end user as TraceView is really more of a debugging tool than something you can ask end users to run.

As far as real-time tracing goes, according to the documentation:

Only users with administrative privileges, users in the Performance Log Users group, and services running as LocalSystem, LocalService, NetworkService can consume events in real time. To grant a restricted user the ability to consume events in real time, add them to the Performance Log Users group.

Windows XP and Windows 2000: Anyone can consume real time events.

If you're interested in writing your own ETW viewer (real-time or log file), here is the relevant documentation.
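
The access rule quoted in the answer, turned into a pre-flight check followed by a capture to a file with the `logman` tool that ships with Windows. This is an added example, not part of the original question or answer. The provider GUID, session name and output path are placeholders, and it assumes the same group membership that allows real-time consumption is also enough to start the session.

```powershell
# Added example: check the caller against the quoted access rule, then log
# one provider to an .etl file. GUID, session name and path are placeholders.
param(
    [string]$ProviderGuid = '{00000000-0000-0000-0000-000000000000}',  # placeholder: your provider's GUID
    [string]$SessionName  = 'FieldTrace',                              # hypothetical session name
    [string]$OutFile      = "$env:TEMP\FieldTrace.etl"
)

function Test-EtwAccess {
    # True when the current token is an elevated administrator or a member
    # of Performance Log Users (the two interactive cases in the quoted rule).
    $principal = New-Object Security.Principal.WindowsPrincipal(
        [Security.Principal.WindowsIdentity]::GetCurrent())
    $admin = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    # S-1-5-32-559 is the well-known SID of BUILTIN\Performance Log Users,
    # so the check also works on localized Windows installations.
    $plu = $principal.IsInRole(
        (New-Object Security.Principal.SecurityIdentifier 'S-1-5-32-559'))
    return ($admin -or $plu)
}

if (-not (Test-EtwAccess)) {
    # Least privilege: add the user to the group instead of making them an admin.
    Write-Error ('Not elevated and not in Performance Log Users. An administrator can run: ' +
        'net localgroup "Performance Log Users" <user> /add (effective at next logon).')
    exit 1
}

# -ets starts the session immediately without saving a data collector set.
logman start $SessionName -p $ProviderGuid -o $OutFile -ets
if ($LASTEXITCODE -ne 0) {
    Write-Error "logman start failed with exit code $LASTEXITCODE"
    exit 1
}
try {
    [void](Read-Host 'Reproduce the problem, then press Enter to stop tracing')
}
finally {
    # Always stop the session so it does not keep running and growing the file.
    logman stop $SessionName -ets
}
Write-Host "Trace written to $OutFile"
```

On an account with UAC enabled, a non-elevated administrator fails the first check because the Administrators SID in the token is deny-only, which matches the need to elevate before tracing.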
