Question

The reason I'm asking is I would like to use the out-of-proc mode, but I cannot install a service on each user's workstation, only on a central server. Is the communication between event source and listener service an ETW thing, or is there some kind of RPC I could use?


Solution

Yes, the out-of-process mode works by using ETW. All ETW events are system-wide, so the service just has to listen to ETW events.

ETW only works locally and does not offer a remote solution you could use. Your options are to install a service on each workstation, listen to ETW events (here or here) and forward them to your server with an RPC solution you build yourself. Using MSMQ comes to mind. Or have your application forward the events to your server directly so you don't need the service. Either way, you will have to build it yourself.

OTHER TIPS

To add to Lars' answer, you could also log to SQL. There is a SQL sink you can use, but like everything else, to get the most customized fit, you would build your own (or inherit from another class to give you a good starting point). Be careful though. Not all sinks are created the same. They all have their pros and cons. For example, with SQL and Azure sinks, you have to worry about high latency. The XML formatter doesn't write the root starting and ending node, so it's not well-formed XML. Whatever reads that file would have to provide them. Good luck!
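
To illustrate the last point of the tip above (an added example, not part of the answer and not code from the logging library): a Python reader that supplies the missing root element itself and still returns the complete events when the final one is only partly written. The `Event`, `EventId` and `Message` names and the sample text are constructed, and the file is assumed to contain no XML declaration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a rootless sequence of event elements, as a log file
# written without a root start/end node would look (element names are assumptions).
SAMPLE = (
    "<Event><EventId>1</EventId><Message>started</Message></Event>\n"
    "<Event><EventId>2</EventId><Message>user &lt;bob&gt; logged in</Message></Event>\n"
)
# Same log caught while the writer is in the middle of a third event.
TRUNCATED = SAMPLE + "<Event><EventId>3</EventId><Mess"


def read_rootless_events(text):
    """Parse a rootless XML event log.

    Returns (events, complete): the fully parsed top-level elements, and
    False for `complete` if the input was truncated or malformed after them.
    """
    parser = ET.XMLPullParser(events=("start", "end"))
    parser.feed("<log>")   # root start node supplied by the reader
    parser.feed(text)
    parser.feed("</log>")  # root end node supplied by the reader

    complete = True
    try:
        parser.close()     # forces parsing of any buffered tail
    except ET.ParseError:
        complete = False

    events, depth = [], 0
    try:
        for kind, elem in parser.read_events():
            if kind == "start":
                depth += 1
            else:
                depth -= 1
                if depth == 1:  # a direct child of the synthetic root closed
                    events.append(elem)
    except ET.ParseError:
        # Errors hit during feed() are queued behind the events parsed before them.
        complete = False
    return events, complete


if __name__ == "__main__":
    for name, data in (("complete", SAMPLE), ("truncated", TRUNCATED)):
        parsed, ok = read_rootless_events(data)
        print(name, [e.findtext("EventId") for e in parsed], "complete:", ok)
```

A collector can use the `complete` flag to decide whether to re-read the file later instead of discarding the partial tail.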

Licensed under: CC-BY-SA with attribution