I have a use case where, in UWP, I need to subscribe to an ETW provider. And whenever an event is logged to the provider, I would like to intercept that event and log parts of the event (for example - Details, LogLevel, etc.) to a custom file in plain text format in Application Data.
Take for example, this provider: Microsoft-Windows-Diagnostics-Networking {36C23E18-0E66-11D9-BBEB-505054503030}
I have found a way to generate ETL files using LoggingChannel and FileLoggingSession:
ILoggingChannel loggingChannel = new LoggingChannel("someLoggingChannel", null, new Guid("36C23E18-0E66-11D9-BBEB-505054503030"));
FileLoggingSession session = new FileLoggingSession("someLoggingSession");
session.LogFileGenerated += Session_LogFileGenerated;
session.AddLoggingChannel(loggingChannel, LoggingLevel.Information);
I have also found a way to use EventSource and EventListener to generate custom events, capture when those events are fired, and log it to a file. I followed the example here: https://code.msdn.microsoft.com/windowsapps/Logging-Sample-for-Windows-0b9dffd7
However, I haven't yet found a way to subscribe to an ETW provider (in this case Microsoft-Windows-Diagnostics-Networking {36C23E18-0E66-11D9-BBEB-505054503030}), intercept the ETW events being written to it and log it in a custom file format.
My use case is that I would like to capture these logs and send them to a backend for some automated processing. The backend doesn't have the capability to process ETL files (backend is not written in .NET/C#) which is why I can't just send the ETL file generated in the sample code to the backend.
I have found examples that might work for non-UWP use cases (Can't post links because I don't have 10 reputation points):
- The nuget package for Microsoft.Diagnostics.Tracing.TraceEvent
- system.diagnostics.eventing.reader.eventlogwatcher
Please let me know if I can provide more details.
I would appreciate any help/pointers.
