Example 6: Tracing Special Sessions

You can use Tracefmt to format trace messages from the NT Kernel Logger, WMI Event Logger, and Global Logger reserved trace sessions.

The following command formats and displays trace messages from an NT Kernel Logger real-time trace session. (For information about starting an NT Kernel Logger trace session, see TraceView or Tracelog.)

tracefmt -rt -tmf system.tmf -display

This command does not include the name of the trace session, even though it uses the -rt parameter. The session name is not required in this case, because "NT Kernel Logger" is the default value.

However, the -tmf parameter is required to direct Tracefmt to the system.tmf file. By default, Tracefmt uses default.tmf, which does not include formatting instructions for NT Kernel Logger trace messages. The -p parameter finds the TMF file only when the TMF file name is a message GUID, such as 37753236-c81f-505e-d40a-128d3bb2b5ff.tmf.

This command also uses the -display parameter, which displays the trace messages in the Command Prompt window in addition to writing them to a log file. In this case, because the -o parameter is omitted, the messages are written to the default log file, FmtFile.txt, in the local directory.