public DnsInspectorEtw(Microsoft.O365.Security.ETW.IEventRecordDelegate OnDnsQueryEvent)
{
userTrace = new Microsoft.O365.Security.ETW.UserTrace("priv10_NameResLogger"); // Microsoft-Windows-Winsock-NameResolution
dnsCaptureProvider = new Microsoft.O365.Security.ETW.Provider(Guid.Parse("{55404E71-4DB9-4DEB-A5F5-8F86E46DDE56}"));
dnsCaptureProvider.Any = Microsoft.O365.Security.ETW.Provider.AllBitsSet;
dnsCaptureProvider.OnEvent += OnDnsQueryEvent;
userTrace.Enable(dnsCaptureProvider);
userThread = new Thread(() => { userTrace.Start(); });
userThread.Start();
}
public EtwUserLogger(string name, Guid guid)
{
logName = name;
userTrace = new Microsoft.O365.Security.ETW.UserTrace("etw_" + name);
dnsCaptureProvider = new Microsoft.O365.Security.ETW.Provider(guid);
dnsCaptureProvider.Any = Microsoft.O365.Security.ETW.Provider.AllBitsSet;
dnsCaptureProvider.OnEvent += OnEtwEvent;
userTrace.Enable(dnsCaptureProvider);
workerThread = new Thread(() => { userTrace.Start(); });
workerThread.Start();
}