New-AutologgerConfig

Creates an Autologger session configuration in the registry.

Syntax

New-AutologgerConfig
   -Name <String>
   [-BufferSize <UInt32>]
   [-ClockType <ClockType>]
   [-DisableRealtimePersistence <UInt32>]
   [-FileCount <UInt32>]
   [-LocalFilePath <String>]
   [-FileMax <UInt32>]
   [-FlushTimer <UInt32>]
   [-Guid <String>]
   [-LogFileMode <UInt32>]
   [-MaximumFileSize <UInt32>]
   [-MaximumBuffers <UInt32>]
   [-MinimumBuffers <UInt32>]
   [-Start <Enabled>]
   [-CimSession <CimSession[]>]
   [-ThrottleLimit <Int32>]
   [-AsJob]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AutologgerConfig cmdlet creates an Autologger session configuration in the registry.

Examples

Example 1: Create a configuration

PS C:\> New-AutoLoggerConfig -Name "WFP-IPsec Trace"

This command creates an AutoLogger configuration named WFP-IPsec Trace.

Parameters

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.

The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the *-Job cmdlets. To get the job results, use the Receive-Job cmdlet.

For more information about Windows PowerShell background jobs, see about_Jobs.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-BufferSize

Specifies the ETW session buffer size, in kilobytes.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CimSession

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Type:CimSession[]
Aliases:Session
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ClockType

Specifies the type of timestamp that will be used for each event logged to this ETW session.

This is an advanced session configuration option, and it is not recommended that this parameter be set.

For more information, see the description of the ClientContext field in WNODE_HEADER structure for a description of clock types.

Type:ClockType
Accepted values:Performance, System, Cycle
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableRealtimePersistence

Controls whether undelivered events from a real time session will be delivered or discarded when Windows next starts up.

For more information, see Configuring and Starting an AutoLogger Session in MSDN.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FileCount

Specifies the file count value.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FileMax

Specifies the maximum number of log files an AutoLogger session can create.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FlushTimer

When set, all active buffers in the session will be flushed at this interval, in seconds.

This is an advanced session configuration option, and it is not recommended that this parameter be set.

If it is not set, the ETW will select an appropriate default based on the LogFileMode.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Guid

Specifies a unique GUID for this AutoLogger session.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-LocalFilePath

Specifies the full path to the file the ETW session should write to. For non-buffering mode sessions only.

When creating a new-file file mode session, the file path must contain a %d in the file name.

Do not use this parameter if the session is configured as a buffering mode session. Use Save-EtwTraceSession to save a buffering mode session to disk instead.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-LogFileMode

Specifies the ETW session logging mode. The value is a bitmask of the ETW logging mode constants.

For more information, see Logging Mode Constants in MSDN.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaximumBuffers

Specifies the maximum number of buffers the ETW session should use.

The ETW session will use a maximum of (BufferSize * MaximumBuffers) kilobytes of memory. Depending on the specified LogFileMode, this may be pageable or non-paged memory.

If the session is losing events because the buffers cannot be flushed quick enough to keep up with the incoming event rate, try increasing this value.

Configuring a session to use too many buffers may affect system performance.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaximumFileSize

Specifies the maximum file size for the output .etl file to grow to, in megabytes.

The parameter must be set for a circular, new-file, or sequential file mode ETW session.

For circular sessions, once the file reaches this size the oldest buffers will be overwritten by the new buffers.

For new-file sessions, once the file reaches this size a new file will be created and all new events will be written to that file.

For sequential file sessions, once the file reaches this size the session will stop.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MinimumBuffers

Specifies the minimum number of buffers the ETW session should use.

The ETW session will use a minimum of (BufferSize * MinimumBuffers) kilobytes of memory. Depending on the specified LogFileMode, this may be pageable or non-paged memory.

If the session is losing events because the buffers cannot be flushed quick enough to keep up with the incoming event rate, try increasing this value.

Configuring a session to use too many buffers may affect system performance.

Type:UInt32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifies the name of the new AutoLogger session. This will be used as the name of the ETW session that gets created by this AutoLogger.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Start

If set to Enabled, an ETW session for this AutoLogger will be created when Windows starts.

Type:Enabled
Accepted values:Disabled, Enabled
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ThrottleLimit

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False