Question

I have ETW tracing in a driver; the manifest file is created properly, the resources are all compiled in, etc. On the target machine, I run this command as administrator:

wevtutil im myManifest.xml

I get no errors. Then, I run (as administrator):

logman create trace myProviderName -o Log.etl -p "{myProviderGUID}" -f bincirc -max 1000

With no errors. Then I wait enough time for some traces to have been performed, and then I run these commands (as administrator):

logman stop myProviderName

tracerpt Log000001.etl

Now the problem I'm having is that the generated file, dumpfile.xml shows records of none of my traces at all. It shows a basic structure of setup details including the Provider GUID, etc.

So my question: Is there a step I'm missing in the above procedure, or must the problem be with my tracing code?

Solution

It turns out that there was a problem; though it wasn't with my code. I did not include opcodes for my events in the manifest, and as such, no events were being recorded.

If someone stumbles upon this post, it may help you to note that your events must have a channel, level, opcode, and template for even basic functionality. Additionally, the above procedure is missing one step. I needed to do the following:

  1. Right click 'My Computer' and select 'Manage'
  2. Click Performance > Data Collector Sets > User Defined > myProvider
  3. Right click myProvider in right-hand pane, select 'Properties'
  4. Set Keywords(Any), Keywords(All), and Level according to what I specified in the manifest
  5. Restart my machine, and re-enable trace via logman.

The above procedure (in the question + the supplemental directly above) will create a log session and produce a basic readable log output from the generated ETL file.
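
A check for the manifest requirement described in the answer above, added here as an example that is not part of the original post: it parses an instrumentation manifest and lists every event that lacks a channel, level, opcode or template attribute. The sample manifest, its event and channel names and its GUID are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Attributes the answer above says every event needs to be recorded.
REQUIRED = ("channel", "level", "opcode", "template")

# Constructed sample manifest (not from the post); names and GUID are placeholders.
SAMPLE_MANIFEST = """
<instrumentationManifest xmlns="http://schemas.microsoft.com/win/2004/08/events">
  <instrumentation>
    <events>
      <provider name="myProviderName" symbol="MY_PROVIDER"
                guid="{00000000-0000-0000-0000-000000000000}">
        <events>
          <event symbol="EvtGood" value="1" channel="MyChannel"
                 level="win:Informational" opcode="win:Info" template="tGood"/>
          <event symbol="EvtNoOpcode" value="2" channel="MyChannel"
                 level="win:Error" template="tErr"/>
          <event symbol="EvtBare" value="3" level="win:Warning"/>
        </events>
      </provider>
    </events>
  </instrumentation>
</instrumentationManifest>
"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def lint_manifest(xml_text):
    """Return {(provider, event): [missing attributes]} for incomplete events."""
    findings = {}
    root = ET.fromstring(xml_text)
    for provider in (e for e in root.iter() if local(e.tag) == "provider"):
        pname = provider.get("name", "<unnamed>")
        for ev in (e for e in provider.iter() if local(e.tag) == "event"):
            # An empty or whitespace-only attribute counts as missing.
            missing = [a for a in REQUIRED if not ev.get(a, "").strip()]
            if missing:
                label = ev.get("symbol") or "value=" + ev.get("value", "?")
                findings[(pname, label)] = missing
    return findings

if __name__ == "__main__":
    for (prov, ev), missing in lint_manifest(SAMPLE_MANIFEST).items():
        print(f"{prov}/{ev}: missing {', '.join(missing)}")
```

Running it against the real manifest before `wevtutil im` catches the gap at build time instead of as an empty dumpfile.xml on the target machine.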

Licensed under: CC-BY-SA with attribution