ETW End-To-End Tracing
in [Win32 Kernel]
|
Prev: UpdateResource fails on old PE files?
Next: CreateFileMapping failed with OS status 1816 (Not enough quota is available to process this command)
From: G�nter Prossliner on 30 Mar 2010 09:41 Hello NG! In ETW the ActivityID is provided to allow clients to analyse traces from different providers in a End-To-End Analysis. What I don't really understand is what is needed in the Application to support such a scenario, and what is provided by the OS or MS-Servers to do so (everything for Windows 2008 Server). Example: * I implement a Service which uses the HTTP-API to communicate with clients * The Service calls an SQL2008 Instance Workflow: 1. A SYN TCP Package is issued from the Client, this is traced by the Windows TCP Stack with ETW 2. The TCP Session is established, this is also traced 3. The HTTP.sys takes over, parses the request, and feeds it to my service (which has a HttpRecieveHttpRequest operation pending). AFAIK HTTP.sys also produces ETW Traces. 4. My Service processes the request (and also produces some ETW Traces) 5. As part of the Request-Processing an Batch is send to a SQL-Server (SQL2008, which also implements ETW). 6. The Service prepares the HttpResponse for the Client-Request 7. HTTP.sys does whatever is needed to send the HTTP-Response. 8. The Client gets it How can the Activity-IDs be managed to support an End-To-End Tracing in such a (common) scenario? I want an ETW-Client to build an report which starts from the first SYN, contains HTTP.sys traces, Application traces and SQL-traces. So: * Who generates the Acticity-IDs in the first place? * What are the best practices to serialize Actitiy-IDs in a protocol? for HTTP a special Header may be used, but what about TDS (SQL-Server Protocol)? * What about other services that may be involved (e.g. an ISA Firewall between the Client and the Server, if ISA Server implements ETW (I don't know) should it be possible to included Firewall-Logs in the trace?) * What clients can be used to support such End-To-End Tracing Scenarios? GP |