
Using Logman does not collect events


Hi, I'm using logman to create an ETL file of my WPP events. I use the following commands:

logman start "Session" -o "C:\\Trace.etl" -p "{2ad34227-4f02-4a89-8c0c-673b86619176}" 0xFFFF -ets

logman stop "Session" -ets

But I always get an 8 KB file, and when viewing it with TraceView with the pdb/etl files, nothing exists there. An ETL I create with TraceView, also using the same GUID, results in MBs of ETL file. What's wrong in the command?

As written in this thread: Using logman to collect data


Solution

  • You have to mess around with a MOF file to register a new provider first. Then you need to create the session with logman or the Performance Tool within the Control Panel. Here is where I found some hints: http://www.osronline.com/showthread.cfm?link=250095. Now I will tell you my quick and dirty procedure:

    1. Compile the driver
    2. "C:\Program Files (x86)\Windows Kits\8.1\bin\x64\tracepdb" -f mydriver.pdb
    3. C:\Windows\System32\wbem\mofcomp.exe mydriver.mof
    4. logman query providers myprovider_name

    So if (4) shows your new provider you are almost done! Now:

    1. logman create trace mysession_name -p myprovider_name 0xFF 0xFF -bs 64 -nb 16 128 -o "mydriver.etl" -v mmddhhmm -ow
    2. logman start mysession_name
    3. Generate some ETW logs
    4. logman stop mysession_name
    5. tracerpt C:\path\mydriver_MMddHHmm.etl
    6. You will find in the current directory summary.txt and dumpfile.xml
    7. Enjoy your debugging

    At step (5) you can actually use TraceView.exe in C:\Program Files (x86)\Windows Kits\8.1\bin\x64.
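
The session steps from the answer above as one PowerShell script that stops at the first failing tool and reports the size of the resulting ETL file, so a near-empty capture like the 8 KB file in the question is noticed immediately. This is an added example, not part of the original answer; it assumes an elevated prompt, the answer's placeholder names, a hypothetical output directory `C:\Traces`, and that logman and tracerpt signal failure through a nonzero exit code.

```powershell
# Added example. Provider and session names are the answer's placeholders.
$Provider = 'myprovider_name'
$Session  = 'mysession_name'
$OutDir   = 'C:\Traces'                       # assumption: any writable directory
$EtlBase  = Join-Path $OutDir 'mydriver.etl'

function Invoke-Checked {
    # Run a native tool, show its output, and stop on a nonzero exit code.
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments | Out-Host
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

# Step (4) of the first list: do not continue if the provider is not registered.
Invoke-Checked logman @('query', 'providers', $Provider)

# Steps (1) to (4) of the second list, with the answer's buffer settings.
Invoke-Checked logman @('create', 'trace', $Session, '-p', $Provider, '0xFF', '0xFF',
                        '-bs', '64', '-nb', '16', '128',
                        '-o', $EtlBase, '-v', 'mmddhhmm', '-ow')
try {
    Invoke-Checked logman @('start', $Session)
    Read-Host 'Session running. Generate some ETW logs, then press Enter' | Out-Null
    Invoke-Checked logman @('stop', $Session)
}
finally {
    # Remove the session definition so the script can be run again.
    logman delete $Session | Out-Null
}

# -v mmddhhmm appends a timestamp to the file name, so pick the newest match.
$etl = Get-ChildItem -Path $OutDir -Filter 'mydriver*.etl' |
       Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $etl) { throw "No ETL file was written to $OutDir" }
'{0}: {1:N0} bytes' -f $etl.FullName, $etl.Length

# Step (5): decode the trace; summary.txt lists the events found per provider.
$xml     = Join-Path $OutDir 'dumpfile.xml'
$summary = Join-Path $OutDir 'summary.txt'
Invoke-Checked tracerpt @($etl.FullName, '-o', $xml, '-summary', $summary, '-y')
Get-Content $summary
```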