0

I wrote a custom EventSource class and added a method for logging, as below:

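```csharp
using System.Diagnostics.Tracing;

[EventSource(Name = "MyCompany")]
public class MyCompanyEventSource : EventSource
{
    // The post does not show the Keywords class; the value below is assumed.
    public class Keywords
    {
        public const EventKeywords Perf = (EventKeywords)1;
    }

    [Event(6, Message = "test.", Keywords = Keywords.Perf,
           Level = EventLevel.Warning)]
    public void Test()
    {
        this.WriteEvent(6);
    }
}
```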

I used `SemanticLogging-svc.exe -c` to start the trace event service, and before executing this command I also configured SemanticLogging-svc.xml with:

```xml
<eventSource name="MyCompany" level="LogAlways"/>
```

Then I started calling the Test() method. The first time, the flatFileSink recorded the correct level of the event as Warning. However, after I changed the Test() method's level in the attribute to Critical and called the Test() method, the flatFileSink still recorded the level as Warning. It was totally wrong! I know it was the schema of the EventEntry, which is the OnNext method's parameter. But if I use an in-process listener, the level is updated to Critical, which is correct.

So, why is the level still the old one if I use out-of-process? Is it an issue with ETW? It looks like there is some cache on the machine, and this cache could not be cleared either by stopping and deleting the Event Trace Session in Performance Monitor or by restarting the computer. I really want to clear this cache but I do not know how to do it.

I know that if I change the Version in the Event attribute or change the EventSource name to another one, the level will be updated for out-of-process. But I don't think it's a good way, since we may forget to change the Version.

So, could someone help me?

capcom923

2 Answers

1

The problem stems from the Out-of-Process Logger caching the manifests for event sources: `TraceEventManifestsCache`.

This cache writes the manifest XML to a temp directory generated with the path:

```csharp
Path.Combine(Path.GetTempPath(), "7D2611AE-6432-4639-8B91-3E46EB56CADF");
```

The value of Path.GetTempPath() depends on the user the service is running as, as well as the version of Windows you're running on. In this temp directory you can find your cached manifest.

The service doesn't make it clear under what conditions it flushes the cached manifest; however, it doesn't always seem to trigger when you expect.

If you delete the cached file for your manifest, it will force the provider to fetch a new version of the manifest. You should restart the service to make it grab the manifest immediately.

Paul Turner
  • @user853509, I think this can be a good option to achieve what you are looking for. Regarding the cached manifest: the deletion Tragedian is proposing should work, and if you really need to achieve manifest updating you can fork the [project on GitHub](https://github.com/mspnp/semantic-logging) and add this feature, or even propose it by raising a new issue. – mekoda Feb 17 '16 at 13:56
  • Thanks! It's the best practice! You helped us a lot! – capcom923 Apr 27 '16 at 07:48
  • I think MS should consider an option to switch this cache flag. Beginners will suffer for a long time because of this cache, since there is no documentation explaining this feature. – capcom923 Apr 27 '16 at 07:50
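
The cleanup described in the answer above, as an added PowerShell example that is not part of the original answer or the Semantic Logging project: it looks for the cache folder under several temp roots, deletes cached manifests that mention the provider, and restarts the service if one is named. The temp roots it checks and the `-ServiceName` parameter are assumptions; run it with `-WhatIf` first to see what would be deleted.

```powershell
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ProviderName = 'MyCompany',  # EventSource name from the question
    [string]$ServiceName  = ''            # assumption: name the service was installed under, if any
)

# Cache folder name as quoted in the answer above.
$cacheFolder = '7D2611AE-6432-4639-8B91-3E46EB56CADF'

# Path.GetTempPath() depends on the account the service runs as, so check
# several temp roots: current user, machine-wide, and service-account
# profiles (assumed locations; add the profile of a custom service account).
$roots = @(
    [System.IO.Path]::GetTempPath()
    (Join-Path $env:SystemRoot 'Temp')
    (Join-Path $env:SystemRoot 'ServiceProfiles\LocalService\AppData\Local\Temp')
    (Join-Path $env:SystemRoot 'ServiceProfiles\NetworkService\AppData\Local\Temp')
    (Join-Path $env:SystemRoot 'System32\config\systemprofile\AppData\Local\Temp')
) | Select-Object -Unique

$cacheDirs = @($roots |
    ForEach-Object { Join-Path $_ $cacheFolder } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Container })

if ($cacheDirs.Count -eq 0) {
    Write-Warning 'No manifest cache folder found; check the temp path of the service account.'
    return
}

# Match on file content, because the page does not give the cache file naming.
$stale = @(Get-ChildItem -LiteralPath $cacheDirs -File |
    Where-Object { Select-String -LiteralPath $_.FullName -SimpleMatch -Pattern $ProviderName -Quiet })

foreach ($file in $stale) {
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete cached manifest')) {
        Remove-Item -LiteralPath $file.FullName -Force
    }
}

# Restart so the new manifest is fetched immediately.
if ($stale.Count -gt 0 -and $ServiceName) {
    if ($PSCmdlet.ShouldProcess($ServiceName, 'Restart service')) { Restart-Service -Name $ServiceName }
} elseif ($stale.Count -gt 0) {
    Write-Host 'Cached manifest removed; stop and rerun SemanticLogging-svc.exe -c to pick up the new one.'
}
```
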
0

In theory, updating the Version property of the Event attribute should do the trick. Emphasis on should.

It doesn't always work: the schema of your EventSource is stored in a secret, magic, undocumented location that gets updated somehow at some point if it feels like it. Rebooting doesn't even help.

spenibus
ML64
  • Thanks for your comment. I think it is really hard to maintain the EventSource because of this feature of ETW. Updating an event source schema should be a frequent case while developing or in the release stage. However, if we need to update the version or change the event source name whenever we change any one of the event schemas, we will go crazy, since we also have to update the Semantic Logging Service XML configuration every time. – capcom923 Nov 19 '15 at 16:47