Documentation
¶
Overview ¶
Package etw provides support for TraceLogging-based ETW (Event Tracing for Windows). TraceLogging is a format of ETW events that are self-describing (the event contains information on its own schema). This allows them to be decoded without needing a separate manifest with event information. The implementation here is based on the information found in TraceLoggingProvider.h in the Windows SDK, which implements TraceLogging as a set of C macros.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Channel ¶
type Channel uint8
Channel represents the ETW logging channel that is used. It can be used by event consumers to give an event special treatment.
const ( // ChannelTraceLogging is the default channel for TraceLogging events. It is // not required to be used for TraceLogging, but will prevent decoding // issues for these events on older operating systems. ChannelTraceLogging Channel = 11 )
type Level ¶
type Level uint8
Level represents the ETW logging level. There are several predefined levels that are commonly used, but technically anything from 0-255 is allowed. Lower levels indicate more important events, and 0 indicates an event that will always be collected.
Predefined ETW log levels from winmeta.xml in the Windows SDK.
type Opcode ¶
type Opcode uint8
Opcode represents the operation that the event indicates is being performed.
const ( // OpcodeInfo indicates an informational event. OpcodeInfo Opcode = iota // OpcodeStart indicates the start of an operation. OpcodeStart // OpcodeStop indicates the end of an operation. OpcodeStop // OpcodeDCStart indicates the start of a provider capture state operation. OpcodeDCStart // OpcodeDCStop indicates the end of a provider capture state operation. OpcodeDCStop )
Predefined ETW opcodes from winmeta.xml in the Windows SDK.
Source Files
Directories