JustKernel

Ray Of Hope

ETW Surprise

It was a surprise for me to find that ETW fails in its most important mission.

While reading about ETW (very few articles are available on the net), I found that ETW is the most popularized event logging system available. Events can be trace logs, admin events, crashes, etc.

So I thought it would be great if I could make all my drivers ETW compliant, so that if a crash occurs on any of my end customers' systems (using my driver), I can ask him to send the .etl file (ETW log file), which will help me in debugging.
But later I found that, without registering a manifest file (which defines events etc.) through a stupid tool, “wevtutil.exe”, logs will not be generated. So now what to do? I have to resort to the dirty way of calling the “system” command to register the manifest (system(wevtutil im <manifest name>)), and only then are logs available.

Microsoft claims that logs will be available only if a session is established through a consumer like logman or a manifest is registered. I want to ask them: what about the case where logs have to be collected from a remote user who may be a novice in computer usage? Will I ask him to register the manifest or start a tracing session?

Please, Microsoft, look into this requirement.

Anshul Makkar

mailto: anshul_makkar@justkernel.com

Posted On: 2010-03-27 10:12:51
