altrive/EventTracingManagement.ps1

## EventTracingManagement.ps1
$ErrorActionPreference = "Stop"
Import-Module EventTracingManagement  #Require Windows 10 enviroment(it use underlying CIM APIs https://msdn.microsoft.com/en-us/library/dn919685%28v=vs.85%29.aspx)
Use-NuGetPackage Microsoft.Diagnostics.Tracing.TraceEvent -Verbose #Require PSNuGet<https://github.com/altrive/PSNuGet>

$sessionName = "MyRealTimeSession"
$providerName = "Sample.EtwTrace"
$providerGuid = [Microsoft.Diagnostics.Tracing.Session.TraceEventProviders]::GetEventSourceGuidFromName($providerName)

try
{
    Write-Verbose ('Create ETW RealTimeSession')
    $params = @{
        Name = $sessionName
        LogFileMode = 0x8400100 #RealTimeSession value
        MinimumBuffers = 1024
        MaximumBuffers = 1290
    }
    $traceSession = New-EtwTraceSession @params

    Write-Verbose ('Add ETW Provider to session')
    $params = @{
        SessionName = $traceSession.Name
        Guid = $providerGuid.ToString('B') #specific GUID string format required?
    }
    $traceSession = Add-EtwTraceProvider @params

    #TODO: There is no way to start RealTimeTraceSession proceccing that equivalent to session.Source.Process();
    sleep 10

    #TODO: RealTimeSession don't support this Cmdlets?
    #Send-EtwTraceSession -Name $sessionName -DestinationFolder "C:\Temp"
}
finally
{
    Remove-EtwTraceSession -Name $sessionName -ErrorAction Ignore
    $traceSession.Dispose()
}

#[Microsoft.Diagnostics.Tracing.Session.TraceEventSession]::GetActiveSessionNames()
	$ErrorActionPreference = "Stop"
	Import-Module EventTracingManagement #Require Windows 10 enviroment(it use underlying CIM APIs https://msdn.microsoft.com/en-us/library/dn919685%28v=vs.85%29.aspx)
	Use-NuGetPackage Microsoft.Diagnostics.Tracing.TraceEvent -Verbose #Require PSNuGet<https://github.com/altrive/PSNuGet>

	$sessionName = "MyRealTimeSession"
	$providerName = "Sample.EtwTrace"
	$providerGuid = [Microsoft.Diagnostics.Tracing.Session.TraceEventProviders]::GetEventSourceGuidFromName($providerName)

	try
	{
	Write-Verbose ('Create ETW RealTimeSession')
	$params = @{
	Name = $sessionName
	LogFileMode = 0x8400100 #RealTimeSession value
	MinimumBuffers = 1024
	MaximumBuffers = 1290
	}
	$traceSession = New-EtwTraceSession @params

	Write-Verbose ('Add ETW Provider to session')
	$params = @{
	SessionName = $traceSession.Name
	Guid = $providerGuid.ToString('B') #specific GUID string format required?
	}
	$traceSession = Add-EtwTraceProvider @params

	#TODO: There is no way to start RealTimeTraceSession proceccing that equivalent to session.Source.Process();
	sleep 10

	#TODO: RealTimeSession don't support this Cmdlets?
	#Send-EtwTraceSession -Name $sessionName -DestinationFolder "C:\Temp"
	}
	finally
	{
	Remove-EtwTraceSession -Name $sessionName -ErrorAction Ignore
	$traceSession.Dispose()
	}

	#[Microsoft.Diagnostics.Tracing.Session.TraceEventSession]::GetActiveSessionNames()