Forked from altrive/EventTracingManagement.ps1
Last active
September 16, 2015 10:43
-
-
Save KurtDeGreeff/884a93e879c9d5d2cb76 to your computer and use it in GitHub Desktop.
EventTracingManagement Cmdlets Test (added in Windows 10)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ErrorActionPreference = "Stop" | |
Import-Module EventTracingManagement #Require Windows 10 enviroment(it use underlying CIM APIs https://msdn.microsoft.com/en-us/library/dn919685%28v=vs.85%29.aspx) | |
Use-NuGetPackage Microsoft.Diagnostics.Tracing.TraceEvent -Verbose #Require PSNuGet<https://github.com/altrive/PSNuGet> | |
$sessionName = "MyRealTimeSession" | |
$providerName = "Sample.EtwTrace" | |
$providerGuid = [Microsoft.Diagnostics.Tracing.Session.TraceEventProviders]::GetEventSourceGuidFromName($providerName) | |
try | |
{ | |
Write-Verbose ('Create ETW RealTimeSession') | |
$params = @{ | |
Name = $sessionName | |
LogFileMode = 0x8400100 #RealTimeSession value | |
MinimumBuffers = 1024 | |
MaximumBuffers = 1290 | |
} | |
$traceSession = New-EtwTraceSession @params | |
Write-Verbose ('Add ETW Provider to session') | |
$params = @{ | |
SessionName = $traceSession.Name | |
Guid = $providerGuid.ToString('B') #specific GUID string format required? | |
} | |
$traceSession = Add-EtwTraceProvider @params | |
#TODO: There is no way to start RealTimeTraceSession proceccing that equivalent to session.Source.Process(); | |
sleep 10 | |
#TODO: RealTimeSession don't support this Cmdlets? | |
#Send-EtwTraceSession -Name $sessionName -DestinationFolder "C:\Temp" | |
} | |
finally | |
{ | |
Remove-EtwTraceSession -Name $sessionName -ErrorAction Ignore | |
$traceSession.Dispose() | |
} | |
#[Microsoft.Diagnostics.Tracing.Session.TraceEventSession]::GetActiveSessionNames() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment