You are viewing a plain text version of this content. The canonical link for it is here.
Posted to log4net-user@logging.apache.org by Nicko Cadell <ni...@neoworks.com> on 2004/10/04 15:11:35 UTC

RE: Windows Event Tracing

Keith,

I don't think that anyone has looked into Windows Event Tracing for log4net.

Not having used EIF I have just had a quick look through the EIF docs and I may have got the wrong end of the stick. It looks like EIF doesn't expose their WET provider using WMI. That means that the EIF trace cannot be configured in the Perfmon app.

The EIF seems to use a service (TraceSessionManager.exe) that controls enabling the WET provider and writing the events to disk. As far as I can see it is not possible to add other providers to the same log.

Ideally we would want the WET provider to be registered via WMI (as a Message Object Format) so that a trace can be configured via Perfmon. However this raises questions about how the provider is registered. 

Should the provider be permanently registered? If not how do we trace application startup, i.e. between when the provider is registered and when we can configure Perfmon to start a trace file.

How do we identify different Applications that use log4net (or instances of Applications)? Do we have a different named provider for each application? Do we log all events from a single provider for all applications? 

What do you think is the best way to use WET for application logging?

Nicko

> -----Original Message-----
> From: Keith Brown [mailto:keith@pluralsight.com] 
> Sent: 30 September 2004 00:45
> To: 'Log4NET User'; 'Thibaut Barrère'
> Subject: RE: Windows Event Tracing
> 
> >> Do you mean the application event log ?<<
> 
> Nope. Windows Event Tracing is a kernel-level feature that 
> allows an application to spit out an incredible amount of log 
> data (it's great for method tracing) in a short period of 
> time, with minimal CPU impact (IIRC, the goal is around 5% 
> additional CPU utilization with WET turned on).
> 
> Windows 2000/XP/2003 itself is instrumented using WET, and 
> you can correlate kernel level logs with application level 
> logs, e.g., how did the file system or Active Directory 
> contribute to the time it took for my Tx to run, and exactly 
> what was the file system or AD doing during that time?
> 
> Here's a link to an article describing WET:
> 
> http://www.winnetmag.com/Windows/Article/ArticleID/40707/40707.html
> 
> Microsoft's EIF supports logging to WET, but it sounds like 
> EIF is being replaced by a new instrumentation platform, 
> which explicitly says it does not support WET (why, I don't 
> yet know). This is why I looked to log4net.
> Besides EIF, I know of no other mainstream managed WET 
> support to recommend to clients.
> 
> Keith
> 
> 
>