Monitoring ETW logs on remote computer

Question

The usage of Microsoft.Diagnostics.Tracing.TraceEvent library makes it easy to work with ETW logs on local machine - but is there really a way to do the same for remote server? This is how do I get the events of interest on local machine. Really interested how would one achieve the same result in case of events being generated for different machine.

 public LoggingEventArgs ListenForEvent(string eventName, int level, int maxWaitTimeInSec = 30)
    {
        if (!(TraceEventSession.IsElevated() ?? false))
        {                
            _logger.Error("To turn on ETW events you need to be Administrator.");
            return null;
        }

        LoggingEventArgs result = null;

        _logger.Info("Creating a '{0}' session", _sessionName);
        using (var session = new TraceEventSession(_sessionName))
        {
            _timer = ConstructTimerForSession(session, maxWaitTimeInSec);

            TargetEventReceived += delegate (object sender, LoggingEventArgs e)
            {
                //if level is not negative, check for specific level of incoming event. 
                //Otherwise track all levels
                bool condition = level > 0 ? e.Level == level : true;                    
                if (condition)
                {
                    result = e;
                    StopListeningForEvents(session);
                }
            };

            AddCallbackForProviderEvent(session, _providerName, eventName);

            StartListeningForEvents(session, _providerName, _timer);
        }
        return result;
    }

Answer 1

This probably isn't exactly what you are looking for but your best bet is to use the Semantic Logging Application Block (SLAB) out of process option which installs an agent on the remote machine. Then the SLAB process can write your logs to a remote SQL server or remote file.