Save-Etw
Syntax
Save-EtwTraceSession
[-Name] <String>
[-OutputFile <FileInfo>]
[-OutputFolder <DirectoryInfo>]
[-Stop]
[-Overwrite]
[-CimSession <CimSession>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Description
The Save-EtwTraceSession cmdlet saves the events collected by the ETW session to an .etl file.
Required Parameters
Specifies the name of the ETW session.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Optional Parameters
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
| Type: | CimSession |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the file to save the .etl file to for the ETW session.
| Type: | FileInfo |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True (ByValue) |
| Accept wildcard characters: | False |
Specifies the folder to save the .etl file to for the ETW session.
When this parameter is set, the file name of the .etl will be selected automatically based on the session properties.
If the session is a buffering mode session, the file name will be the name of the session.
If the session is a file mode session, the file name will be the file name of the currently being written to.
To control the file name as well as the output folder, use the OutputFile parameter instead.
| Type: | DirectoryInfo |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True (ByValue) |
| Accept wildcard characters: | False |
Controls whether an existing file should be overwritten by saving this session.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Controls whether the session should be stopped after the save is complete.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
System.IO.FileInfo, System.IO.DirectoryInfo
Outputs
System.IO.FileInfo, CIM_DataFile
This cmdlet returns a System.IO.FileInfo object that represents a file on the local computer. The object is returned when the current session is saved successfully to a file on the local machine.
This cmdlet returns a CIM_DataFile object when the current session is saved successfully to a file over a CIM session.