FTP and ETW Tracing

My good friend Suditi Lahiri has written a terrific blog entry about one of the great new features in the FTP 7 service: Event Tracing for Windows, or ETW for short. You can read her post at the following URL:

https://blogs.iis.net/sudt/archive/2008/08/28/collecting-etw-traces-for-ftp-sessions.aspx

Here's where this feature pays off: ETW tracing allows you to see some of the events that are going on inside the FTP service while it's running, without trying to attach a debugger to the service host. Another good friend of mine, Jaroslav Dunajsky, wrote a batch file that we use internally when testing the FTP server; it automates some of the tasks that Suditi discussed in her blog.

I created an abridged version of Jaroslav's batch file some time ago that I've been using, and I thought that it would be a great complement to Suditi's blog. With that in mind, here's the code for the batch file that I use:

@echo off
rem ======================================================================
rem Check that LogParser can be run before starting a trace session.
echo Verifying that LogParser.exe is in the path...
LogParser -h >nul 2>nul
if errorlevel 1 (
  echo.
  echo Error:
  echo.
  echo   LogParser.exe was not found. It is required for parsing traces.
  echo.
  echo Recommended actions:
  echo.
  echo   - If LogParser is installed then fix the PATH
  echo     variable to include the LogParser directory
  echo.
  echo   - If LogParser is not installed, then install
  echo     it from the following location:
  echo.
  echo   https://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07
  echo.
  goto :EOF
) else (
  echo Done.
  echo.
)
rem ======================================================================
rem Start the session: 255 = all provider flags, 5 = verbose level.
echo Starting the ETW session for full FTP tracing...
logman start "ftp" -p "IIS: Ftp Server" 255 5 -ets
echo.
echo Now reproduce your problem.
echo.
echo After you have reproduced your issue, hit any key to close the FTP
echo tracing session. Your trace events will be displayed automatically.
echo.
pause>nul
rem ======================================================================
echo.
echo Closing the ETW session for full FTP tracing...
logman stop "ftp" -ets
rem ======================================================================
rem Display the collected events from ftp.etl in a LogParser data grid.
echo.
echo Parsing the results - this may take a long time depending on the size of the trace...
LogParser "select EventTypeName, UserData from ftp.etl" -e 2 -o:DATAGRID -compactModeSep " | " -rtp 20

As mentioned previously, this batch file makes it easier to use the features that Suditi discussed in her blog, and if you're frequently testing FTP features then you may find yourself adding this batch file to your arsenal of troubleshooting tools.