Add-EtwTraceProvider

Module:

EventTracingManagement

Adds an ETW trace provider to an ETW trace session or AutoLogger session configuration.

Syntax

Add-EtwTraceProvider
   [-Guid] <String>
   [-Level <Byte>]
   [-MatchAnyKeyword <UInt64>]
   [-MatchAllKeyword <UInt64>]
   [-Property <UInt32>]
   -SessionName <String>
   [-CimSession <CimSession[]>]
   [-ThrottleLimit <Int32>]
   [-AsJob]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Add-EtwTraceProvider
   [-Guid] <String>
   -AutologgerName <String>
   [-Level <Byte>]
   [-MatchAnyKeyword <UInt64>]
   [-MatchAllKeyword <UInt64>]
   [-Property <UInt32>]
   [-CimSession <CimSession[]>]
   [-ThrottleLimit <Int32>]
   [-AsJob]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Add-EtwTraceProvider cmdlet adds an Event Tracing for Windows (ETW) trace provider to a specified ETW trace session or AutoLogger session configuration with the specified parameters.

Examples

Example 1: Add an ETW trace provider to an AutoLogger configuration

PS C:\> Add-EtwTraceProvider -Guid "{5EEFEBDB-E90C-423A-8ABF-0241E7C5B87D}" -AutologgerName "WFP-IPsec Trace"
SessionName     : 
AutologgerName  : WFP-IPsec Trace
Guid            : {5EEFEBDB-E90C-423A-8ABF-0241E7C5B87D}
Level           : 0
MatchAnyKeyword : 0x0
MatchAllKeyword : 0x0
Property        : 0

This command adds the ETW trace provider that has the specified GUID to an AutoLogger configuration named WFP-IPsec Trace.

Example 2: Add an ETW trace provider to an ETW session

PS C:\> Add-EtwTraceProvider -Guid "{5EEFEBDB-E90C-423A-8ABF-0241E7C5B87D}" -SessionName "VMM"
SessionName     : VMM
AutologgerName  : 
Guid            : {5EEFEBDB-E90C-423A-8ABF-0241E7C5B87D}
Level           : 0
MatchAnyKeyword : 0x0
MatchAllKeyword : 0x0
Property        : 0

This command adds the ETW trace provider that has the specified GUID to an session named VMM.

Parameters

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.

The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the *-Job cmdlets. To get the job results, use the Receive-Job cmdlet.

For more information about Windows PowerShell background jobs, see about_Jobs.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-AutologgerName

Specifies the name of the target AutoLogger session.

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-CimSession

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Type:	CimSession[]
Aliases:	Session
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	False
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Guid

Specifies the provider ID.

Type:	String
Position:	0
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-Level

Specifies the maximum event level for which to enable for collection.

For more information, see EnableTraceEx2 function on MSDN.

Type:	Byte
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-MatchAllKeyword

Specifies a bitmask of keywords an event must match in order to be logged to the session.

An event must match every keyword set by this parameter. Most of the time, the MatchAnyKeyword parameter is more suitable.

For more information, see EnableTraceEx2 function on MSDN.

Type:	UInt64
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-MatchAnyKeyword

Specifies a bitmask of keywords an event must match in order to be logged to the session.

An event must match at least one keyword set by this parameter.

For more information, see EnableTraceEx2 function on MSDN.

Type:	UInt64
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Property

Specifies the Enable property to use for events logged from this provider to the session.

For more information, see Configuring and Starting an AutoLogger Session.

Type:	UInt32
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-SessionName

Specifies the name of the target ETW session.

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-ThrottleLimit

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of zero is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Type:	Int32
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	False
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Related Links

• Configuring and Starting an AutoLogger Session
• Configuring and Starting an Event Tracing Session
• Get-EtwTraceProvider
• Remove-EtwTraceProvider
• Set-EtwTraceProvider