ETW – Overview

Event Tracing for Windows (ETW) is a system for routing events. ETW is primarily intended for diagnostic purposes and is optimized to minimize impact on the overall system performance. ETW should not be used for control purposes as it does not offer guaranteed delivery — events might be lost in certain circumstances (e.g. if events occur…


TraceLogging – Background

ETW is a system for getting data from providers to consumers. The core ETW runtime does not know anything about the payload of the ETW event — it just routes the event based on event attributes such as provider ID, event ID, level, and keywords. The user of ETW can put any data in any format…


ETW Provider Names and GUIDs

An ETW provider is a component that creates ETW events. Internally, ETW identifies each provider with a GUID, and all event filtering/routing in ETW starts with the provider GUID. For example, if I want to capture an ETL file containing events from a particular provider, I would find the provider’s GUID, and then execute an…


We apologize for the inconvenience

Sorry I haven’t blogged for a while. I’m on the Core ETW team now, and there are some things I want to share about ETW, so expect a few postings in the near future. Let me know if there are things you’d like to have explained about ETW. I’m hoping to do some posts that…