Receiving FileIoName events not possible

Wiki Link: [discussion:274260]
SeidChr
Sep 29, 2011 at 2:38 PM

Hi,

I' trying to track file write io for certain files in a given directory.

The FileIoWrite events occur properly, but its not possible to lookup for the filenames, since the lookup table does not contain either the FileObject nor the FileKey.

It seems like the events are simply not provided by the session. How can i enable them? Even when I enable "All" keywords, im not receiving ANY name events.

It is a realtime session:

 

KernelSession = new TraceEventSession(
    KernelTraceEventParser.KernelSessionName, null);
KernelSource = new ETWTraceEventSource(
    KernelTraceEventParser.KernelSessionName, TraceEventSourceType.Session);
KernelParser = new KernelTraceEventParser(
    KernelSource);

...


KernelSession.StopOnDispose = true;

KernelSession.EnableKernelProvider(
    KernelTraceEventParser.Keywords.FileIO |
    KernelTraceEventParser.Keywords.FileIOInit |
    KernelTraceEventParser.Keywords.Thread);

SourceProcessor = Task.Factory.StartNew(() =>
    KernelSource.Process());

SeidChr
Sep 29, 2011 at 2:39 PM

I posted another request here : http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/43b8f4eb-f85c-4060-938a-c627bed2b3ab
SeidChr
Sep 30, 2011 at 12:29 PM

I tried to enable "KernelTraceEventParser.Keywords.DiskFileIO" only. There is not a single event. According to the comment on this flag it should deliver all of those naming events.

How can i get them?
Vancem
Oct 4, 2011 at 10:53 PM

What is needed is the FileName 'rundown' events.    These events map file objects  to their name, and are normally emitted at the end of a trace.

Current these events are only generated at 'rundown' when an ETL file closes and there is no way of triggering this in a realtime provider.

This has been fixed in Windows 8, but until then you must use a file to track File I/O.

 
Sign in to post message or set email notifications