Reputation: 341
Writing ETW event logs
I need to write some ETW entries into Windows Event Log. For example, I need to generate some events in the Applications and Services Logs/Microsoft/Windows/AAD (or any other folder, doesn't really matter).
New-winevent in powershell does exactly that, but is way too slow.
I also tried this https://blogs.msdn.microsoft.com/dotnet/2013/08/09/announcing-the-eventsource-nuget-package-write-to-the-windows-event-log/ and it generates events into any folder quickly, but I see no obvious way of generating events as existing provider. If I try to register a new one, wevtutil complains that provider for this folder is already registered (which makes sense). So what is the best way around this? How do you generate events as some existing provider?
Upvotes: 0
Views: 943
Answers (1)
Reputation: 341
After fighting with it for some time, finally figured it out in case someone faces the same problem.
I never found a way to use the existing provider. Instead, I generated manifest file and used it to uninstall existing provider:
wevtutil.exe -um $manifestfile
After that, the new one, the one generating events that I need, can be installed without any errors:
wevtutil.exe -im $manifestfile /mf:$dllfile /rf:$dllfile
Obviously, existing logs stop working if you do that.
Upvotes: 0
Related Questions
- Write Event to Eventlog with powershell
- ETW, .NET 4.5 - how to write to the event log?
- Get Windows event provider information
- How to register an EventSource etw provider C# and capture the output to a log file.?
- how to use etw nlog for writing log to custom eventsource
- Powershell. Write event logs
- How do I log events in Windows IoT?
- Powershell - Write to Windows Event Viewer
- ETW EventSource not logging events on Windows Server
- Reading circular ETW log file with ETWTraceEventSource