public void EtwFileSourceTest()
{
var observable = EtwObservable.FromFiles(FileName);
var source = new TimeSource <EtwNativeEvent>(observable, e => e.TimeStamp);
var parsed = from p in source
where p.Id == 2
select p.TimeStamp;
var buf = parsed.Take(13).Buffer(TimeSpan.FromSeconds(1), source.Scheduler);
var list = new List <IList <DateTimeOffset> >();
ManualResetEvent completed = new ManualResetEvent(false);
buf.Subscribe(
t => list.Add(t),
() => completed.Set());
source.Connect();
completed.WaitOne();
Assert.AreEqual(2, list.Count());
Assert.AreEqual(7, list.First().Count);
Assert.AreEqual(6, list.Skip(1).First().Count);
}
static void Main(string[] args)
{
if (args.Length < 2)
{
Console.WriteLine("Usage: SessionStatistics <real-time session name> <seconds>");
return;
}
string sessionName = args[0];
int seconds = int.Parse(args[1]);
Console.WriteLine("Measuring provider verbosity for session '{0}' for {1} seconds", sessionName, seconds);
IObservable <EtwNativeEvent> session = EtwObservable.FromSession(sessionName);
var timeSource = new TimeSource <EtwNativeEvent>(session, e => e.TimeStamp);
var countPerWindow = from e in timeSource.Take(TimeSpan.FromSeconds(seconds), timeSource.Scheduler)
group e by new { e.ProviderId } into g
from total in g.Count()
select new { Provider = g.Key, Count = total };
ManualResetEvent evt = new ManualResetEvent(false);
IDisposable output = countPerWindow.Subscribe(
stat => Console.WriteLine("{0} {1}", stat.Provider, stat.Count), // OnNext
e => Console.WriteLine(e.Message), // OnError
() => { evt.Set(); }); // OnCompleted
IDisposable input = timeSource.Connect();
evt.WaitOne();
output.Dispose();
input.Dispose();
}
public void EtwObservableTest()
{
var observable = EtwObservable.FromFiles(FileName);
int count = observable.Count().Wait();
Assert.AreEqual(2041, count);
}
static void Main()
{
IObservable <EtwNativeEvent> etl = EtwObservable.FromFiles(@"HTTP_Server.etl");
IDisposable d = etl.Count().Subscribe(Console.WriteLine);
Console.ReadLine();
d.Dispose();
}
public IObservable <EtwNativeEvent> GetRawEventsForTimeWindow()
{
Playback scope = new Playback();
foreach (var item in this.files)
{
scope.AddEtlFiles(item);
}
return(EtwObservable.FromFiles(this.files.ToArray()));
}
public void OfType()
{
var count = EtwObservable.FromFiles(this.EtlFileName)
.OfType <EtwNativeEvent, Parse>(
new EtwManifestTypeMap(),
new EtwClassicTypeMap(),
new EtwTypeMap())
.Count()
.Wait();
Assert.AreEqual(291, count);
}
private static IObservable <EtwNativeEvent> CreateEtwObservable(
bool useSequentialReader,
DateTime?startTime,
DateTime?endTime,
params string[] files)
{
if (startTime.HasValue != endTime.HasValue)
{
throw new ArgumentException("Specify both start and end times or leave both of them null.");
}
if (startTime.HasValue && startTime.Value >= endTime.Value)
{
throw new ArgumentException("Start time should be less than end time.");
}
if (files == null)
{
throw new ArgumentNullException(nameof(files));
}
if (files.Length == 0)
{
throw new ArgumentException("The Files parameter should contain at least one element.");
}
IObservable <EtwNativeEvent> etwObservable;
if (useSequentialReader)
{
if (startTime.HasValue)
{
etwObservable = EtwObservable.FromSequentialFiles(startTime.Value, endTime.Value, files);
}
else
{
etwObservable = EtwObservable.FromSequentialFiles(files);
}
}
else
{
if (startTime.HasValue)
{
etwObservable = EtwObservable.FromFiles(startTime.Value, endTime.Value, files);
}
else
{
etwObservable = EtwObservable.FromFiles(files);
}
}
return(etwObservable);
}
/// <summary>
/// Creates a listener to ETW real-time session for BinaryEnvelope events. These Events have EventId 0, 1 and 2.
/// and belong to specified provider.
/// </summary>
/// <param name="providerId">Identifier of ETW provider.</param>
/// <param name="sessionName">Session name.</param>
/// <returns>Sequence of events ordered by timestamp.</returns>
public static IObservable <IEnvelope> FromSession(
Guid providerId,
string sessionName)
{
var parser = new BinaryEtwParser(providerId);
var etwObservable = EtwObservable.FromSession(sessionName);
return(etwObservable
.Select(parser.Parse)
.Where(item => item != null));
}
public static void ListenWithImperativeCode()
{
Console.WriteLine("----- Listening with Tx-EtwObservable and imperative code -----");
_statistics = new Dictionary <uint, StatisticsBucket>();
_timer = new Timer(OnTimer, null, 1000, 1000);
_raw = EtwObservable.FromSession(SessionName);
using (_raw.Subscribe(CustomCallback))
{
Console.ReadLine();
}
}
public static void ListenWintUnsafeClass()
{
Console.WriteLine("----- Listening with Unsafe wrapper class and Rx query -----");
// this is the approach used by TraceEvent
// http://blogs.msdn.com/b/dotnet/archive/2013/08/15/announcing-traceevent-monitoring-and-diagnostics-for-the-cloud.aspx
// - It works in this case and provides better performance
// - In general means the user must think which data to copy as the first step in the query
// For example in query that joins begin and end event, we can't stop ETW from overwriting the buffer before matching end arrives
var instance = new RecvV4();
_raw = EtwObservable.FromSession(Baseline.SessionName);
var timeSource = new TimeSource <EtwNativeEvent>(_raw, e => e.TimeStamp);
var received = timeSource.Select(e =>
{
unsafe
{
instance.userData = (byte *)e.UserData.ToPointer();
}
return(instance);
});
var x = from window in received.Window(TimeSpan.FromSeconds(1), timeSource.Scheduler)
from stats in
(from packet in window
group packet by packet.daddr into g
from total in g.Sum(p => p.size)
select new
{
address = new IPAddress(g.Key).ToString(),
received = total
})
.ToList()
select stats.OrderBy(s => s.address);
_subscription = x.Subscribe(v =>
{
//Console.WriteLine("--- {0} ---", DateTime.Now);
//foreach (var s in v)
// Console.WriteLine("{0, -15} {1,-10:n0} ", s.address, s.received);
//Console.WriteLine();
});
timeSource.Connect();
Console.ReadLine();
_subscription.Dispose();
timeSource.Dispose();
}
public static void ListenWintQueryOnEtwNativeEvent()
{
Console.WriteLine("----- Listening with Tx-EtwObservable and Rx query -----");
_raw = EtwObservable.FromSession(Baseline.SessionName);
UInt32 pid = 0;
UInt32 size = 0;
UInt32 daddr = 0;
var timeSource = new TimeSource <EtwNativeEvent>(_raw, e => e.TimeStamp);
var toStackVars = timeSource.Do(e => // this copies the variables on the stack
{
pid = e.ReadUInt32(); // skip PID
size = e.ReadUInt32();
daddr = e.ReadUInt32();
});
var x = from window in toStackVars.Window(TimeSpan.FromSeconds(1))
from stats in
(from packet in window
group packet by daddr
into g
from total in g.Sum(p => size)
select new
{
address = new IPAddress(g.Key).ToString(),
received = total
})
.ToList()
select stats.OrderBy(s => s.address);
_subscription = x.Subscribe(v =>
{
Console.WriteLine("--- {0} ---", DateTime.Now);
foreach (var s in v)
{
Console.WriteLine("{0, -15} {1,-10:n0} ", s.address, s.received);
}
Console.WriteLine();
});
timeSource.Connect();
Console.ReadLine();
Console.WriteLine(pid); // prevent the compiler to optimize this away
_subscription.Dispose();
timeSource.Dispose();
}
public void EtwObservableTest()
{
var observable = EtwObservable.FromFiles(FileName);
int count = 0;
observable.ForEach(
x =>
{
count++;
});
Assert.AreEqual(2041, count);
}
public void EtwObservableFirst()
{
var observable = EtwObservable.FromFiles(FileName);
string failureMessage = null;
observable
.Take(1)
.Do(
nativeEvent =>
{
try
{
Assert.AreEqual(new Guid("00000100-0000-0003-193d-42fb30bbcb01"), nativeEvent.ActivityId);
Assert.AreEqual(16, nativeEvent.Channel);
Assert.AreEqual(0, nativeEvent.EventProperty);
Assert.IsNotNull(nativeEvent.ExtendedData);
Assert.AreEqual(0, nativeEvent.ExtendedDataCount);
Assert.AreEqual(576, nativeEvent.Flags);
Assert.AreEqual(0, nativeEvent.HeaderType);
Assert.AreEqual(21, nativeEvent.Id);
Assert.AreEqual(9223372036854775824L, nativeEvent.Keyword);
Assert.AreEqual(4, nativeEvent.Level);
Assert.AreEqual(28, nativeEvent.Opcode);
Assert.AreEqual((uint)0, nativeEvent.ProcessId);
Assert.AreEqual((uint)677443, nativeEvent.ProcessorTime);
Assert.AreEqual((ushort)152, nativeEvent.Size);
Assert.AreEqual((ushort)4, nativeEvent.Task);
Assert.AreEqual(new Guid("dd5ef90a-6398-47a4-ad34-4dcecdef795f"), nativeEvent.ProviderId);
Assert.AreEqual((uint)0, nativeEvent.ThreadId);
Assert.AreEqual(DateTimeOffset.FromFileTime(129402940472257591L), nativeEvent.TimeStamp);
Assert.AreEqual(129402940472257591L, nativeEvent.TimeStampRaw);
Assert.IsNotNull(nativeEvent.UserContext);
Assert.IsNotNull(nativeEvent.UserData);
Assert.AreEqual((ushort)72, nativeEvent.UserDataLength);
Assert.AreEqual(0, nativeEvent.Version);
}
catch (AssertFailedException assertError)
{
failureMessage = assertError.Message;
}
})
.Wait();
if (failureMessage != null)
{
Assert.Fail(failureMessage);
}
}
public void EtwParser()
{
var parser = EtwObservable.FromFiles(FileName);
int count = 0;
ManualResetEvent completed = new ManualResetEvent(false);
parser.Count().Subscribe(
x => count = x,
() => completed.Set());
completed.WaitOne();
Assert.AreEqual(2041, count);
}
static void Main()
{
Process logman = Process.Start(
"logman.exe",
"create trace TCP -rt -nb 2 2 -bs 1024 -p {7dd42a49-5329-4832-8dfd-43d979153a88} 0xffffffffffffffff -ets");
logman.WaitForExit();
IObservable <EtwNativeEvent> session = EtwObservable.FromSession("TCP");
using (session.Subscribe(e => Console.WriteLine("{0} {1}", e.TimeStamp, e.Id)))
{
Console.ReadLine();
}
}
public TimeSpan RunTestcase(MethodInfo method)
{
var observable = EtwObservable.FromFiles(_files);
// the testcase should set the callback
method.Invoke(this, new object[] {});
Stopwatch stopwatch = Stopwatch.StartNew();
observable.Subscribe(EtwCallback, OnCompleted);
_completed.WaitOne();
stopwatch.Stop();
return(stopwatch.Elapsed);
}
static void ListenNative()
{
Console.WriteLine("listening for EtwNativeEvent");
Console.WriteLine();
var all = EtwObservable.FromSession("TxRealTime");
var windows = from w in all.Window(TimeSpan.FromSeconds(1))
from c in w.Count()
select c;
subscription = windows.Subscribe(
(c) => Console.WriteLine("Using Tx and Rx for count : {0:n}", c),
(error) => Console.WriteLine(error.Message),
() => Console.WriteLine("----Completed!---"));
}
public static void ListenWintUnsafeClass()
{
Console.WriteLine("----- Listening with Unsafe wrapper class and Rx query -----");
var instance = new RecvV4();
_raw = EtwObservable.FromSession(Baseline.SessionName);
var timeSource = new TimeSource <EtwNativeEvent>(_raw, e => e.TimeStamp);
var received = timeSource.Select(e =>
{
unsafe
{
instance.userData = (byte *)e.UserData.ToPointer();
}
return(instance);
});
var x = from window in received.Window(TimeSpan.FromSeconds(1), timeSource.Scheduler)
from stats in
(from packet in window
group packet by packet.daddr into g
from total in g.Sum(p => p.size)
select new
{
address = new IPAddress(g.Key).ToString(),
received = total
})
.ToList()
select stats.OrderBy(s => s.address);
_subscription = x.Subscribe(v =>
{
//Console.WriteLine("--- {0} ---", DateTime.Now);
//foreach (var s in v)
// Console.WriteLine("{0, -15} {1,-10:n0} ", s.address, s.received);
//Console.WriteLine();
});
timeSource.Connect();
Console.ReadLine();
_subscription.Dispose();
timeSource.Dispose();
}
static void Main()
{
IObservable <EtwNativeEvent> etl = EtwObservable.FromFiles(@"HTTP_Server.etl");
var timeSource = new TimeSource <EtwNativeEvent>(etl, e => e.TimeStamp);
var countPerWindow = from window in timeSource.Window(TimeSpan.FromSeconds(5), timeSource.Scheduler)
from Count in window.Count()
select Count;
var withTime = countPerWindow.Timestamp(timeSource.Scheduler);
using (withTime.Subscribe(ts => Console.WriteLine("{0} {1}", ts.Timestamp, ts.Value)))
{
timeSource.Connect();
Console.ReadLine();
}
}
public void Start()
{
if (this.session != null)
{
throw new InvalidOperationException("The session is already started.");
}
RealTimeTraceCollectorInfo info = new RealTimeTraceCollectorInfo(this.name);
info.Providers.Add(new ProviderInfo(KernelProcessProviderId)
{
KeywordsAll = 0x10, Level = 4
});
this.session = info.Create();
this.session.Start();
IObservable <EtwNativeEvent> stream = EtwObservable.FromSession(this.name);
this.subscription = stream.Subscribe(e => this.OnNext(e));
}
public TraceReader(string fileName)
{
this.eventStream = EtwObservable.FromFiles(fileName);
}
public bool TxEtl(FileObject fileObject, string outputFile)
{
// this forces blg output timestamps to use local capture timezone which is utc for azure
// Tx module is not able to determine with PDH api blg source timezone
// todo: verify if needed for etl...
//TimeUtil.DateTimeKind = DateTimeKind.Unspecified;
DateTime startTime = DateTime.Now;
IObservable <EtwNativeEvent> observable = default(IObservable <EtwNativeEvent>);
TraceObserver <EtwNativeEvent> traceSession = default(TraceObserver <EtwNativeEvent>);
//List<EtwNativeEvent> records = new List<EtwNativeEvent>();
List <DtrTraceRecord> csvRecords = new List <DtrTraceRecord>();
// todo: verify if needed for etl...testing pdh found invalid data when using concurrently
// lock (_lockObj)
// {
Log.Debug($"observable creating: {fileObject.FileUri}");
observable = EtwObservable.FromFiles(fileObject.FileUri);
Log.Debug($"observable created: {fileObject.FileUri}");
traceSession = ReadTraceRecords(observable);
Log.Debug($"finished total ms: {DateTime.Now.Subtract(startTime).TotalMilliseconds} reading: {fileObject.FileUri}");
// records = traceSession.Records;
// }
//foreach (EtwNativeEvent record in records)
foreach (EtwNativeEvent record in traceSession.Records)
{
//Log.Info("record", record);
//if (!string.IsNullOrEmpty(record.Value.ToString()))
//{
// string counterValue = record.Value.ToString() == "NaN" ? "0" : record.Value.ToString();
// try
// {
// csvRecords.Add(new CsvCounterRecord()
// {
// Timestamp = record.Timestamp,
// CounterName = record.CounterPath.Replace("\"", "").Trim(),
// CounterValue = Decimal.Parse(counterValue, NumberStyles.AllowExponent | NumberStyles.AllowDecimalPoint),
// Object = record.CounterSet?.Replace("\"", "").Trim(),
// Counter = record.CounterName.Replace("\"", "").Trim(),
// Instance = record.Instance?.Replace("\"", "").Trim(),
// NodeName = fileObject.NodeName,
// FileType = fileObject.FileDataType.ToString(),
// RelativeUri = fileObject.RelativeUri
// });
// }
// catch (Exception ex)
// {
// Log.Exception($"stringValue:{counterValue} exception:{ex}", record);
// }
//}
//else
//{
// Log.Warning($"empty counter value:", record);
//}
}
fileObject.Stream.Write(csvRecords);
Log.Info($"records: {traceSession.Records.Count()} {csvRecords.Count}");
traceSession.Dispose();
return(true);
}
