To collect Event Trace Logs (ETL) or Event Tracing for Windows (ETW) logs using the Trace Logging tool, perform the following steps:
- Enable Host IPS 8.0 debug logging. See KB72869 for details.
- Download the EtlTrace.zip tool, from the Attachment section of this article, to the affected system running the Host IPS software.
- Extract the EtlTrace.zip tool to a local directory.
- Click Start, type cmd.exe in the Search bar, right-click Command Prompt from the list, and select Run as administrator.
- Navigate to the directory to which you extracted EtlTrace.zip, and run the following command with administrator rights:
EtlTrace.exe -Start
NOTE: Do not restart your computer after the ETL logging has started, because it will interrupt the logging process.
- Reproduce the issue.
- Return to the command prompt and run the following command:
EtlTrace.exe -Stop
- Collect the EtlTrace.log and Syscore.etl files for Technical Support.
To collect Boot Log Tracing logs using the Trace Logging tool, perform the following steps:
- Enable Host IPS 8.0 debug logging. See KB72869 for details.
- Download the EtlTrace.zip tool, from the Attachment section of this article, to the affected system running the Host IPS software.
- Extract the EtlTrace.zip tool to a local directory.
- Press Windows+R, type cmd, and click OK.
- Navigate to the directory to which you extracted EtlTrace.zip and run the following command:
EtlTrace.exe -StartBoot
- Restart your computer.
- At the command prompt, run the following command:
EtlTrace.exe -StopBoot
- Collect the EtlTrace.log and Syscore.etl files for Technical Support.
CAUTION: This article contains information about opening or modifying the registry.
- The following information is intended for System Administrators. Registry modifications are irreversible and could cause system failure if done incorrectly.
- Before proceeding, Technical Support strongly recommends that you back up your registry and understand the restore process. For more information, see: http://support.microsoft.com/kb/256986.
- Do not run a REG file that is not confirmed to be a genuine registry import file.
NOTE: For Windows Server 2012 R2 systems, the boot time ETL is limited to 100 KB when using EtlTrace.exe. To remove this limitation, add the following registry values under this key before rebooting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\_Syscore_Etl_Trace
(DWORD) BufferSize = 0x20
(DWORD) MaximumBuffers = 0x40
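
One way to apply the two values above with a backup and a read-back check, as an added example that is not part of the original article or the vendor's tooling. It assumes an elevated PowerShell session on the affected system; the backup location under %TEMP% is a hypothetical choice.

```powershell
# Added example (not vendor code). Run elevated, before the restart step.
$ErrorActionPreference = 'Stop'

$SubKey  = 'SYSTEM\CurrentControlSet\Control\WMI\Autologger\_Syscore_Etl_Trace'
$KeyPath = "HKLM:\$SubKey"
# Values taken from the note above.
$Wanted  = [ordered]@{ BufferSize = 0x20; MaximumBuffers = 0x40 }
# Hypothetical backup location; adjust as needed.
$Backup  = Join-Path $env:TEMP ('Syscore_Etl_Trace_{0:yyyyMMdd_HHmmss}.reg' -f (Get-Date))

# Writing under HKLM requires an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal -ArgumentList $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

if (Test-Path $KeyPath) {
    # Export the key first so the previous state can be restored.
    & reg.exe export "HKEY_LOCAL_MACHINE\$SubKey" $Backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed with exit code $LASTEXITCODE" }
    "Backup written to $Backup"
} else {
    # Assumption: the key may not exist yet; create only this key.
    New-Item -Path $KeyPath | Out-Null
}

foreach ($name in $Wanted.Keys) {
    $old = (Get-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue).$name
    # -Force overwrites an existing value of the same name.
    New-ItemProperty -Path $KeyPath -Name $name -PropertyType DWord -Value $Wanted[$name] -Force | Out-Null
    $oldText = if ($null -eq $old) { 'not set' } else { '0x{0:X}' -f $old }
    '{0}: {1} -> 0x{2:X}' -f $name, $oldText, $Wanted[$name]
}

# Read back and fail loudly if a value did not stick.
$actual = Get-ItemProperty -Path $KeyPath
foreach ($name in $Wanted.Keys) {
    if ($actual.$name -ne $Wanted[$name]) {
        throw "$name is $($actual.$name), expected $($Wanted[$name])"
    }
}
'Autologger values verified.'
```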