Event Tracing for Windows (ETW) in .NET

Learn about a tracing system that is dead simple to code, already contains much of what you want to trace and is so blazingly fast you can leave it in place while your code runs in production. This course shows you how to harness ETW (Event Tracing for Windows), .NET’s EventSource and Semantic Tracing design.
Course info
Rating
(128)
Level
Intermediate
Updated
Feb 4, 2014
Duration
2h 47m
Table of contents
Semantic Tracing
ETW Design
EventSource
Advanced EventSource
Semantic Logging Application Block (SLAB)
ETW Tools
Guidance
Description
Course info
Rating
(128)
Level
Intermediate
Updated
Feb 4, 2014
Duration
2h 47m
Description

Teach your applications to communicate while they are in production! Event Tracing for Windows is a blazingly fast logging system built into the operating system, .NET and many libraries. This course will teach you how to access thousands of events your applications are already producing and add signpost events with application state decoupled from tracing technology with Semantic Tracing. You’ll see the latest in tracing technology for .NET with EventSource, the Semantic Logging Application Block, and the newly released NuGet versions of EventSource. You’ll learn to add logging to your apps, use existing tools and create new ones, and access Event Viewer, all in the context of better debugging, profiling and application management.

About the author
About the author

Kathleen Dollard is a .NET Team Coach, has been a Microsoft MVP since 1998, and is an ASP.NET Insider.

More from the author
Play by Play: Visual Studio 2017 and C# 7
Intermediate
2h 34m
Aug 25, 2017
Visual Studio 2015 Playbook
Intermediate
2h 43m
Oct 17, 2016
More courses by Kathleen Dollard
Section Introduction Transcripts
Section Introduction Transcripts

Semantic Tracing
Hi. My name is Kathleen Dollard, and this course is about the best current technique to do semantic tracing in your application, and that's Event Tracing for Windows accessed by EventSource in. NET. But semantic tracing itself is a critical step forward for your application development regardless of what technique you use for the implementation of tracing. This module covers the basic concepts of semantic tracing. Before I get started with semantic tracing, I was to take a quick look at the rest of the course. This module is New Thinking about Tracing, Semantic Tracing. The next module is ETW Architecture followed by a module on. NET EventSource and another with advanced features of the. NET EventSource. I'll follow that with a discussion of the Semantic Logging Application Block or SLAB from patterns and practices, and then look at some ETW tools. I'll close out the course with some guidelines on implementing ETW in your application.

ETW Design
ETW is available on all versions of Windows since Vista and Server 2003. The EventSource class that brings good ETW support into. NET is available in the. NET 4. 5 framework and via NuGet for. NET 4. 0. In the remainder of this module, I'll talk about what tracing is and the specific ETW architecture, which is actually a single design slide. The rest of this course is understanding how to take advantage of that single slide. A history of tracing illustrates the change in the increasing pace of ETW adoption, and understanding the structure, manifests, and channels is important to effectively creating and using trace events. I'll give an overview of available controllers, consumers, and providers and show PerfView playing all three roles.

EventSource
This module covers the. NET features that allow you to create your own events. It covers the most common features of the EventSource class new in. NET 4. 5. The next module covers EventSource 1. 0 that's available on NuGet and advanced features of both versions such as localization. This module offers high-level view of all the features of EventSource and event attributes, but it only shows the implementation of those features that everyone is likely to use. I'll start with a demo showing how simple it can be to add ETW support to your. NET applications. While you can use this very simplistic support, EventSource has many options for better tuning your events. Beyond the simplest recommended version, you can customize your events and version them preferably following the guidelines I'll cover at the end of this course. I'll demo the features I recommend you use. You may currently be using other techniques for tracing, and there are plenty of them available. I'll contrast EventSource with the Trace and TraceSource classes available in earlier versions of. NET and still available for legacy support.

Advanced EventSource
This module covers additional EventSource features in. NET 4. 5 and new features in the NuGet version of EventSource, which is numbered 1. 0, and the version that's available in. NET 4. 5. 1. I think the easiest way to cover these more complex topics is to temporarily forget the distinction between the three versions of EventSource. I use the NuGet version to explain how the different features map to EventSource versions in the summary. Please stick with me even if you have no intention of using the NuGet version. Most of the features will also work in other versions, and the NuGet version is just our glimpse of the future of the. NET framework version.

Semantic Logging Application Block (SLAB)
This module covers the Semantic Logging Application Block from Microsoft Patterns and Practices. And yes, that does have the unfortunate acronym SLAB.

ETW Tools
This module talks about Tools to access ETW traces. Too much info is better than missing parts, yeah right. There is a good chance it will feel awkward at first to be consistently paring down very excessive traces rather than building up a trace fitted perfectly to you. You'll see Logman to find and install providers, a deeper dive into PerfView, WPR as a controller, and the Windows Performance Analyzers to consume traces. I'll also introduce a code generation tool from a code first model for EventSource generation. This not only simplifies normal EventSource generation and guarantees consistency with the pesky details of event IDs, but it also allows more complex EventSource classes including support for overloads and automatic creation of extra write events overloads when needed. Controllers and consumers are entirely independent of each other. Returning to the design slide, you'll see why the independence of controllers or collectors from consumers is so valuable. This module covers only two of the many controllers with PerfView and WPR, and just two of the many consumers with PerfView and WPA. As long as you are working with an ETL file, which you are in this case, you can use any controller with any consumer. And while I won't cover it here, you can merge multiple ETL files, including those from different computers.