Event Tracing Framework  

Quick introduction to event tracing

Event tracing is a subsystem that is deeply integrated into the Windows operating system and is considered part of the Windows Management Instrumentation tool set. Event tracing is very fast and opens up new ways to resolve problems and to monitor and track resources.

The most fundamental aspect of event tracing is an event. An event is best described as an activity of interest. For example, the Windows operating system’s TCP/IP stack is instrumented with event traces that describe activities such as connect, send, receive, and disconnect. Each event typically includes additional information about the activity; in the case of the TCP/IP stack, more information is provided about the connection and details of what was sent or received.

The subsystem that implements event tracing is referred to as the event tracer and is implemented in the Windows kernel. Events are fired (published) by an event-tracing provider, also known as an event-tracing logger. Any application that you develop can be an event-tracing provider, and it can be engaged in one or more event-tracing sessions. The event tracer temporarily holds the events fired by a provider in non-paged system memory buffers. The event tracer manages the buffers and, if necessary, also manages the dumping of them to an event trace log file on disk.
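The provider, session, buffer and log-file flow described above, as an added example that is not part of the original page: a PowerShell script that starts a trace session on the TCP/IP provider, makes one loopback connection, and reads the resulting log. The session name, output path and buffer sizes are constructed for the example, and the provider name `Microsoft-Windows-TCPIP` is an assumption to confirm with `logman query providers`.

```powershell
# Run from an elevated prompt. All names below are constructed for this example.
$session  = 'DemoTcpTrace'
$etl      = Join-Path $env:TEMP 'DemoTcpTrace.etl'
$provider = 'Microsoft-Windows-TCPIP'   # assumed name; check `logman query providers`

# Start a session: the event tracer allocates the buffers (-bs is the size of
# each buffer in KB, -nb the minimum and maximum buffer count) and flushes
# them to the .etl log file named by -o.
logman start $session -p $provider -o $etl -bs 64 -nb 16 64 -ets
if ($LASTEXITCODE -ne 0) { throw "Could not start trace session $session" }

try {
    # Generate connect/disconnect activity on the loopback interface so the
    # provider has something to fire.
    $listener = [System.Net.Sockets.TcpListener]::new([System.Net.IPAddress]::Loopback, 0)
    $listener.Start()
    $client = [System.Net.Sockets.TcpClient]::new()
    $client.Connect($listener.LocalEndpoint)
    $client.Close()
    $listener.Stop()

    # Show the live session, including its buffer settings and log file.
    logman query $session -ets
}
finally {
    # Stopping the session flushes any events still held in the buffers.
    logman stop $session -ets
}

# Read the log back and count events per event ID (-Oldest is required for .etl files).
Get-WinEvent -Path $etl -Oldest |
    Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    Select-Object -First 10 -Property Count, Name
```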

 © 2003 Content by Gwyn Cole. All rights reserved.