I am trying to wrap my head around ETW and how to integrate t into a high Performance application.
We all know the old dreaded EventLog with it's non structured (and thus not so optimal) API.
Now there is a new and fancy API for high performance tracing - ETW, and it got a new API on the .NET side in 4.5 in the form of the EventSource class that you can easily subclass (so no more manifest writing).
THis leaves me with a number of questions, trying to get this working.
What did I try? I got an EventSource working, but simply have failed to get the proper documentation on how to get the rest working Downstream from there.
What you are trying to achieve is not possible due to the following;
To direct ETW events to the event log you’ll need to specify a channel of type Admin, Operational or some of the classic once like Application in the manifest and register it using wevtutil. Unfortunately you can’t use EventSource for this, even if you had a manifest, as the underlying implementation does not set the channel byte on the EventDescriptor block when calling WriteEvent e.g. your event is never marked for specific channel.
What EventSource does behind the scene to avoid the cumbersome process of registering manifest, compile it into win32 resource, link it to an assembly/dll, register it etc. is to generate a manifest from your EventSource implementation and send it as a known event to allow the receiving service to parse all other event payloads instead of relying on windows infrastructure to get the manifest information. To the best of my knowledge only PerfView supports this for now.