Tag Archives: etw

How do I find all the ETW sessions on the machine?

logman is your tool for this. Here is how you can query for all the sessions and also how to see values from a particular session.

c:> logman -etsData Collector Set                      Type                          Status-------------------------------------------------------------------------------AITEventLog                             Trace                         RunningAudio                                   Trace                         RunningDiagLog                                 Trace                         RunningEventLog-Application                    Trace                         RunningEventLog-System                         Trace                         RunningNtfsLog                                 Trace                         RunningSQMLogger                               Trace                         RunningUBPM                                    Trace                         RunningWdiContextLog                           Trace                         RunningMpWppTracing                            Trace                         RunningFSysAgentTrace                          Trace                         RunningMSMQ                                    Trace                         RunningMSDTC_TRACE_SESSION                     Trace                         Runningtest_trace                              Trace                         RunningThe command completed successfully.c:> logman test_trace -etsName:                 test_traceStatus:               RunningRoot Path:            C:Segment:              OffSchedules:            OnSegment Max Size:     500 MBName:                 test_tracetest_traceType:                 TraceOutput Location:      C:9_19_44.etlAppend:               OffCircular:             OnOverwrite:            OffBuffer Size:          8Buffers Lost:         0Buffers Written:      1Buffer Flush Timer:   0Clock Type:           PerformanceFile Mode:            FileProvider:Name:                 Microsoft-Windows-Application Server-ApplicationsProvider Guid:        {C651F5F6-1C0D-492E-8AE1-B4EFD7C9D503}Level:                5KeywordsAll:          0x0KeywordsAny:          0xffffffffProperties:           0Filter Type:          0The command completed successfully.