Tracelog Basics

Tracelog, an event tracing controller that runs at the command line, includes the following features:

Tracelog produces an event trace log (.etl) file that contains the trace messages generated by the provider during the trace session. The messages are stored in binary format in the file. To display the trace messages in a readable format, use TraceView or Tracefmt.

Tracelog controls kernel-mode and private (user-mode) trace sessions, and special sessions such as the NT Kernel Logger trace session and the Global Logger trace session.

Tracelog runs on Windows 2000 and later versions of Windows.

To control a trace session on Windows Server 2003 and later versions of Windows, you must be a member of the Performance Log Users group or the Administrators group on the computer.

Many of the features of Tracelog are also available in TraceView, a tool included in the Windows Driver Kit (WDK) that has a graphical user interface in addition to a command-line interface.

Tracelog and TraceView are located in the tools\tracing\<Platform> subdirectory of the Windows Driver Kit (WDK), where <Platform> is either i386, amd64, or ia64.



Send comments about this topic to Microsoft

Build date: 7/22/2013