HowTo: WinInet ETW logging (Analytic Logging)

 

This HowTo covers collecting WinInet tracing on Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2. If you need to collect this log, enable it just before reproducing the issue and disable it soon after the repro, which will provide more information. The steps for enabling it are below.

 

1) Open Event Viewer, select Applications and Services Logs, then open the View menu and check “Show Analytic and Debug Logs”.

2) Under Applications and Services Logs, expand Microsoft and then Windows.

3) Under Windows, select WinInet and expand it. Then right-click Analytic and select Enable Log.

4) After the repro, select “Disable Log” and save all events to a file in .evtx format, or in .csv for easy viewing.

 

By default the size of the buffer is set to 1028KB. I would suggest increasing this value to 25MB, to make sure we don’t end up overwriting the information because of a small buffer.
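The same procedure can be scripted from an elevated PowerShell prompt. The script below is an added example, not part of the original article; it assumes the WinInet analytic channel is named `Microsoft-Windows-WinINet/Analytic` (confirm with `wevtutil el`), and the output folder and file names are hypothetical.

```powershell
# Added example: command-line equivalent of the Event Viewer steps (run elevated).
# Assumption: the channel name below matches your system; check with
#   wevtutil el | findstr /i wininet
$Channel = 'Microsoft-Windows-WinINet/Analytic'
$OutDir  = Join-Path $env:TEMP 'wininet-trace'        # hypothetical output folder
$Evtx    = Join-Path $OutDir 'wininet-analytic.evtx'
$Csv     = Join-Path $OutDir 'wininet-analytic.csv'
$MaxSize = 25MB                                        # 26214400 bytes, the size suggested above

function Invoke-Wevtutil {
    # Run wevtutil and stop on the first failure so a half-configured log is noticed.
    & wevtutil.exe @args
    if ($LASTEXITCODE -ne 0) {
        throw "wevtutil $($args -join ' ') failed with exit code $LASTEXITCODE"
    }
}

New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
Invoke-Wevtutil gl $Channel | Out-Null                 # fails here if the channel does not exist

# Disable the log first so the size change is accepted, then enable it.
Invoke-Wevtutil sl $Channel '/e:false'
Invoke-Wevtutil sl $Channel "/ms:$MaxSize"
Invoke-Wevtutil sl $Channel '/e:true' '/q:true'        # /q suppresses the confirmation prompt

Read-Host 'WinInet analytic logging is ON. Reproduce the issue, then press Enter' | Out-Null

# Disable the log right after the repro, then save all events in .evtx format.
Invoke-Wevtutil sl $Channel '/e:false'
Invoke-Wevtutil epl $Channel $Evtx '/ow:true'

# Optional .csv copy for easy viewing. -Oldest returns events in chronological
# order, which Get-WinEvent requires for analytic and debug logs.
Get-WinEvent -Path $Evtx -Oldest |
    Select-Object TimeCreated, Id, ProcessId, ThreadId, LevelDisplayName, Message |
    Export-Csv -Path $Csv -NoTypeInformation

"Saved $Evtx and $Csv"
```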
