Tracelog, an event tracing controller that runs at the command line, includes the following features:
Configures and changes the properties of trace sessions
Enables and disables trace providers
Flushes trace session buffers
Lists running (real-time) trace sessions
Measures time spent in deferred procedure calls (DPCs) and interrupt service routines (ISRs)
Tracelog produces an event trace log (.etl) file that contains the trace messages generated by the provider during the trace session. The messages are stored in binary format in the file. To display the trace messages in a readable format, use TraceView or Tracefmt.
Tracelog runs on Windows 2000 and later versions of Windows.
To control a trace session on Windows Server 2003 and later versions of Windows, you must be a member of the Performance Log Users group or the Administrators group on the computer.
Many of the features of Tracelog are also available in TraceView, a tool included in the Windows Driver Kit (WDK) that has a graphical user interface in addition to a command-line interface.
Tracelog and TraceView are located in the tools\tracing\<Platform> subdirectory of the Windows Driver Kit (WDK), where <Platform> is either i386, amd64, or ia64.
Build date: 6/20/2013