Links : Part 2, Part 3, Part 4
Event Tracing Architectural components
Instrumentation Manifest: This is an XML file used to define the metadata about events you want to publish from your application using Windows ETW APIs. Same metadata is used by operating system, consumer applications and trace sessions to understand the meaning of published event and its content.
See how to create an instrumentation manifest file from scratch.
Event Provider: Event provider can be any application or component which is using ETW APIs and publishing windows tracing events. Generally you put all your code specific to ETW APIs in a separate assembly and use it in all your applications to publish the events. Each provider is associated with an instrumentation manifest file, which defines all the possible events your provider code can publish.
See how to create a provider assembly and use it in your application to publish events you had defined in instrumentation manifest file.
Trace Sessions: Trace Sessions listens for all the events published by your event provider. Event provider does not know what all Trace sessions are listening for the events it is publishing. Multiple trace sessions can be created to listen for the events created by single provider. Trace sessions are created and configured using controller applications. See how to create and configure a Trace session.
Event Consumers: These are the applications which use Trace sessions as the source of the events. Same consumer application can listen for multiple trace sessions at same time. It can listen for the events in real time from the trace sessions which are configured to put the events in memory buffer or from log file generated by trace sessions configured to put events in log file. See how to use Windows Event Viewer, standard event consumer application provided by operating system.
Session Controllers: These are the applications you use to create new trace sessions and configure them to listen for the events published by your event providers.
See how to work with GUI based session controller application.
Below figure shows how all these components are logically associated with each other.
Now we know the high level component of windows event tracing infrastructure. A developer has to work with all these components to successfully enable their application to use windows event tracing.
In the next articles of this series, I will show you how to define your custom events using instrumentation manifest file, create your own event provider assembly which can be used in any of your application to publish custom events. I will also show you how to configure new Trace Sessions which will listen to your custom events and how to view all the collected events using Windows Event Viewer.
No comments:
Post a Comment