static void Main(string[] args) { if (args.Length < 2) { Console.WriteLine("Usage: SessionStatistics <real-time session name> <seconds>"); return; } string sessionName = args[0]; int seconds = int.Parse(args[1]); Console.WriteLine("Measuring provider verbosity for session '{0}' for {1} seconds", sessionName, seconds); IObservable <EtwNativeEvent> session = EtwObservable.FromSession(sessionName); var timeSource = new TimeSource <EtwNativeEvent>(session, e => e.TimeStamp); var countPerWindow = from e in timeSource.Take(TimeSpan.FromSeconds(seconds), timeSource.Scheduler) group e by new { e.ProviderId } into g from total in g.Count() select new { Provider = g.Key, Count = total }; ManualResetEvent evt = new ManualResetEvent(false); IDisposable output = countPerWindow.Subscribe( stat => Console.WriteLine("{0} {1}", stat.Provider, stat.Count), // OnNext e => Console.WriteLine(e.Message), // OnError () => { evt.Set(); }); // OnCompleted IDisposable input = timeSource.Connect(); evt.WaitOne(); output.Dispose(); input.Dispose(); }
/// <summary> /// Creates a listener to ETW real-time session for BinaryEnvelope events. These Events have EventId 0, 1 and 2. /// and belong to specified provider. /// </summary> /// <param name="providerId">Identifier of ETW provider.</param> /// <param name="sessionName">Session name.</param> /// <returns>Sequence of events ordered by timestamp.</returns> public static IObservable <IEnvelope> FromSession( Guid providerId, string sessionName) { var parser = new BinaryEtwParser(providerId); var etwObservable = EtwObservable.FromSession(sessionName); return(etwObservable .Select(parser.Parse) .Where(item => item != null)); }
public static void ListenWithImperativeCode() { Console.WriteLine("----- Listening with Tx-EtwObservable and imperative code -----"); _statistics = new Dictionary <uint, StatisticsBucket>(); _timer = new Timer(OnTimer, null, 1000, 1000); _raw = EtwObservable.FromSession(SessionName); using (_raw.Subscribe(CustomCallback)) { Console.ReadLine(); } }
public static void ListenWintQueryOnEtwNativeEvent() { Console.WriteLine("----- Listening with Tx-EtwObservable and Rx query -----"); _raw = EtwObservable.FromSession(Baseline.SessionName); UInt32 pid = 0; UInt32 size = 0; UInt32 daddr = 0; var timeSource = new TimeSource <EtwNativeEvent>(_raw, e => e.TimeStamp); var toStackVars = timeSource.Do(e => // this copies the variables on the stack { pid = e.ReadUInt32(); // skip PID size = e.ReadUInt32(); daddr = e.ReadUInt32(); }); var x = from window in toStackVars.Window(TimeSpan.FromSeconds(1)) from stats in (from packet in window group packet by daddr into g from total in g.Sum(p => size) select new { address = new IPAddress(g.Key).ToString(), received = total }) .ToList() select stats.OrderBy(s => s.address); _subscription = x.Subscribe(v => { Console.WriteLine("--- {0} ---", DateTime.Now); foreach (var s in v) { Console.WriteLine("{0, -15} {1,-10:n0} ", s.address, s.received); } Console.WriteLine(); }); timeSource.Connect(); Console.ReadLine(); Console.WriteLine(pid); // prevent the compiler to optimize this away _subscription.Dispose(); timeSource.Dispose(); }
public static void ListenWintUnsafeClass() { Console.WriteLine("----- Listening with Unsafe wrapper class and Rx query -----"); // this is the approach used by TraceEvent // http://blogs.msdn.com/b/dotnet/archive/2013/08/15/announcing-traceevent-monitoring-and-diagnostics-for-the-cloud.aspx // - It works in this case and provides better performance // - In general means the user must think which data to copy as the first step in the query // For example in query that joins begin and end event, we can't stop ETW from overwriting the buffer before matching end arrives var instance = new RecvV4(); _raw = EtwObservable.FromSession(Baseline.SessionName); var timeSource = new TimeSource <EtwNativeEvent>(_raw, e => e.TimeStamp); var received = timeSource.Select(e => { unsafe { instance.userData = (byte *)e.UserData.ToPointer(); } return(instance); }); var x = from window in received.Window(TimeSpan.FromSeconds(1), timeSource.Scheduler) from stats in (from packet in window group packet by packet.daddr into g from total in g.Sum(p => p.size) select new { address = new IPAddress(g.Key).ToString(), received = total }) .ToList() select stats.OrderBy(s => s.address); _subscription = x.Subscribe(v => { //Console.WriteLine("--- {0} ---", DateTime.Now); //foreach (var s in v) // Console.WriteLine("{0, -15} {1,-10:n0} ", s.address, s.received); //Console.WriteLine(); }); timeSource.Connect(); Console.ReadLine(); _subscription.Dispose(); timeSource.Dispose(); }
static void Main() { Process logman = Process.Start( "logman.exe", "create trace TCP -rt -nb 2 2 -bs 1024 -p {7dd42a49-5329-4832-8dfd-43d979153a88} 0xffffffffffffffff -ets"); logman.WaitForExit(); IObservable <EtwNativeEvent> session = EtwObservable.FromSession("TCP"); using (session.Subscribe(e => Console.WriteLine("{0} {1}", e.TimeStamp, e.Id))) { Console.ReadLine(); } }
static void ListenNative() { Console.WriteLine("listening for EtwNativeEvent"); Console.WriteLine(); var all = EtwObservable.FromSession("TxRealTime"); var windows = from w in all.Window(TimeSpan.FromSeconds(1)) from c in w.Count() select c; subscription = windows.Subscribe( (c) => Console.WriteLine("Using Tx and Rx for count : {0:n}", c), (error) => Console.WriteLine(error.Message), () => Console.WriteLine("----Completed!---")); }
public static void ListenWintUnsafeClass() { Console.WriteLine("----- Listening with Unsafe wrapper class and Rx query -----"); var instance = new RecvV4(); _raw = EtwObservable.FromSession(Baseline.SessionName); var timeSource = new TimeSource <EtwNativeEvent>(_raw, e => e.TimeStamp); var received = timeSource.Select(e => { unsafe { instance.userData = (byte *)e.UserData.ToPointer(); } return(instance); }); var x = from window in received.Window(TimeSpan.FromSeconds(1), timeSource.Scheduler) from stats in (from packet in window group packet by packet.daddr into g from total in g.Sum(p => p.size) select new { address = new IPAddress(g.Key).ToString(), received = total }) .ToList() select stats.OrderBy(s => s.address); _subscription = x.Subscribe(v => { //Console.WriteLine("--- {0} ---", DateTime.Now); //foreach (var s in v) // Console.WriteLine("{0, -15} {1,-10:n0} ", s.address, s.received); //Console.WriteLine(); }); timeSource.Connect(); Console.ReadLine(); _subscription.Dispose(); timeSource.Dispose(); }
public void Start() { if (this.session != null) { throw new InvalidOperationException("The session is already started."); } RealTimeTraceCollectorInfo info = new RealTimeTraceCollectorInfo(this.name); info.Providers.Add(new ProviderInfo(KernelProcessProviderId) { KeywordsAll = 0x10, Level = 4 }); this.session = info.Create(); this.session.Start(); IObservable <EtwNativeEvent> stream = EtwObservable.FromSession(this.name); this.subscription = stream.Subscribe(e => this.OnNext(e)); }