What are the advantages of using ETW EventSources versus regular EventLog API?

2018-07-02 14:21:24

We are currently investigating replacing the logging on our system. In many places we are already using the regular EventLog API which auto creates the Event Source if one doesn't exists.

I'd like to know how much benefit there is to converting our code over to using EventSources proper instead of just using the regular EventLog API (which is very easy to use). Is this worth doing?

We want to achieve both logging (where we want to know about single success/error/info/warn status events) and also tracing.

Eventlog is internally ETW starting with Vista (just for information).

For tracing the Eventlog is not helpful. You would float the eventlog with too many entries. With Eventsource the data are not send until you listen to them (xperf, WPR, PerfView) so this doesn't impact performance.

And if you still need Eventlog entries you can also use EventSource to write to the Eventlog.

Microsoft released a NuGet Package of Microsoft EventSource Library a few weeks ago.

Microsoft explained here how to use it:

Announcing the EventSource NuGet Package – Write to the Windows Event Log

When using Eventsource you have the huge benefit of also adding Kernel providers with xperf/WPR like CPU or DISK and you can see how your application impacts the system.

链接地址: http://www.djcxy.com/p/90860.html

上一篇: ETW EventSource在运行时的名称

下一篇: 使用ETW EventSources和常规EventLog API有什么优势？