public NetworkMonitorEtw(Microsoft.O365.Security.ETW.IEventRecordDelegate OnNetworkEvent)
{
kernelTrace = new Microsoft.O365.Security.ETW.KernelTrace("priv10_KernelLogger");
networkProvider = new Microsoft.O365.Security.ETW.Kernel.NetworkTcpipProvider();
networkProvider.OnEvent += OnNetworkEvent;
kernelTrace.Enable(networkProvider);
kernelThread = new Thread(() => { kernelTrace.Start(); });
kernelThread.Start();
}
public EtwKernelLogger(string name, Microsoft.O365.Security.ETW.Kernel.NetworkTcpipProvider provider)
{
logName = name;
kernelTrace = new Microsoft.O365.Security.ETW.KernelTrace("etw_" + name);
networkProvider = provider;
networkProvider.OnEvent += OnEtwEvent;
kernelTrace.Enable(networkProvider);
workerThread = new Thread(() => { kernelTrace.Start(); });
workerThread.Start();
}
