Add-Etw
Trace
Provider
Syntax
Add-EtwTraceProvider
[-Guid] <String>
[-Level <Byte>]
[-MatchAnyKeyword <UInt64>]
[-MatchAllKeyword <UInt64>]
[-Property <UInt32>]
-SessionName <String>
[-CimSession <CimSession[]>]
[-ThrottleLimit <Int32>]
[-AsJob]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Add-EtwTraceProvider
[-Guid] <String>
-AutologgerName <String>
[-Level <Byte>]
[-MatchAnyKeyword <UInt64>]
[-MatchAllKeyword <UInt64>]
[-Property <UInt32>]
[-CimSession <CimSession[]>]
[-ThrottleLimit <Int32>]
[-AsJob]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Add-EtwTraceProvider cmdlet adds an Event Tracing for Windows (ETW) trace provider to a specified ETW trace session or AutoLogger session configuration with the specified parameters.
Examples
Example 1: Add an ETW trace provider to an AutoLogger configuration
PS C:\> Add-EtwTraceProvider -Guid "{5EEFEBDB-E90C-423A-8ABF-0241E7C5B87D}" -AutologgerName "WFP-IPsec Trace"
SessionName :
AutologgerName : WFP-IPsec Trace
Guid : {5EEFEBDB-E90C-423A-8ABF-0241E7C5B87D}
Level : 0
MatchAnyKeyword : 0x0
MatchAllKeyword : 0x0
Property : 0
This command adds the ETW trace provider that has the specified GUID to an AutoLogger configuration named WFP-IPsec Trace.
Example 2: Add an ETW trace provider to an ETW session
PS C:\> Add-EtwTraceProvider -Guid "{5EEFEBDB-E90C-423A-8ABF-0241E7C5B87D}" -SessionName "VMM"
SessionName : VMM
AutologgerName :
Guid : {5EEFEBDB-E90C-423A-8ABF-0241E7C5B87D}
Level : 0
MatchAnyKeyword : 0x0
MatchAllKeyword : 0x0
Property : 0
This command adds the ETW trace provider that has the specified GUID to an session named VMM.
Required Parameters
Specifies the name of the target AutoLogger session.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the provider ID.
Type: | String |
Position: | 0 |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the name of the target ETW session.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Optional Parameters
Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.
The cmdlet immediately returns an object that represents the job and then displays the command prompt.
You can continue to work in the session while the job completes.
To manage the job, use the
*-Job
cmdlets.
To get the job results, use the
Receive-Job
cmdlet.
For more information about Windows PowerShell background jobs, see about_Jobs .
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
Type: | CimSession[] |
Aliases: | Session |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the maximum event level for which to enable for collection.
For more information, see EnableTraceEx2 function on MSDN.
Type: | Byte |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies a bitmask of keywords an event must match in order to be logged to the session.
An event must match every keyword set by this parameter. Most of the time, the MatchAnyKeyword parameter is more suitable.
For more information, see EnableTraceEx2 function on MSDN.
Type: | UInt64 |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies a bitmask of keywords an event must match in order to be logged to the session.
An event must match at least one keyword set by this parameter.
For more information, see EnableTraceEx2 function on MSDN.
Type: | UInt64 |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the Enable property to use for events logged from this provider to the session.
For more information, see Configuring and Starting an AutoLogger Session .
Type: | UInt32 |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of zero is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Type: | Int32 |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |